deps: rollback to [email protected]

Signed-off-by: Christian Kotzbauer <[email protected]>

go.mod

@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/anchore/stereoscope v0.0.0-20221130153459-3b80d983223f
-	github.com/anchore/syft v0.62.3
+	github.com/anchore/syft v0.62.1
 	github.com/ckotzbauer/libk8soci v0.0.0-20221204131059-13ed4e35ba04
 	github.com/ckotzbauer/libstandard v0.0.0-20221201063231-f92ba673952d
 	github.com/google/uuid v1.3.0

go.sum

@@ -470,8 +470,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTS
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20221130153459-3b80d983223f h1:JB4foD0R//XJ6oAtjK9h9ABjHhmzUAakjQRKMckPhnA=
 github.com/anchore/stereoscope v0.0.0-20221130153459-3b80d983223f/go.mod h1:Oa0EpewvxiynI8zxLGj2SZ6gSoGtBPQrbZNBrYNBsvE=
-github.com/anchore/syft v0.62.3 h1:2D5J2oeGIJ3BtIofRllxww4EdAv/dykekrF6zScanJY=
-github.com/anchore/syft v0.62.3/go.mod h1:QIZSl6B5mb+o6Rorz547sAWSRhLjKzNtTNXuO10udZU=
+github.com/anchore/syft v0.62.1 h1:3pIZb+Bm5wBJaKbcy48uW6WrSPdXmtCxScnA9ra2HPQ=
+github.com/anchore/syft v0.62.1/go.mod h1:aDR91I0K5EHp8oiE3DibOnOajF/A0N2tti46RNTiSrc=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=

internal/syft/fixtures/alpine.cyclonedx

@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:d597a0ae-e9c7-40bd-8dd2-d6972ecdac08" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:a4a367ab-c43c-4873-ab78-630e8d6c7ec7" version="1">
   <metadata>
-    <timestamp>2022-12-03T11:59:25+01:00</timestamp>
+    <timestamp>2022-12-04T16:01:46+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.3</version>
+        <version>0.62.1</version>
       </tool>
     </tools>
     <component bom-ref="241b78ecbec7d4b6" type="container">
@@ -169,18 +169,6 @@
         <property name="syft:metadata:size">120973</property>
       </properties>
     </component>
-    <component bom-ref="d49bb0510b7c7ca7" type="library">
-      <name>busybox</name>
-      <version>1.35.0</version>
-      <cpe>cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*</cpe>
-      <properties>
-        <property name="syft:package:language">binary</property>
-        <property name="syft:package:metadataType">BinaryMetadata</property>
-        <property name="syft:package:type">binary</property>
-        <property name="syft:location:0:layerID">sha256:af57c4b7f0528a43b8203bc339c656496635b7ce67b94c3f034b00a62e6fdf82</property>
-        <property name="syft:location:0:path">/bin/busybox</property>
-      </properties>
-    </component>
     <component bom-ref="pkg:alpine/[email protected]?arch=x86_64&amp;upstream=busybox&amp;distro=alpine-3.17.0_rc1&amp;package-id=757a346b43f898cc" type="library">
       <publisher>Sören Tempel &lt;[email protected]&gt;</publisher>
       <name>busybox</name>

internal/syft/fixtures/alpine.json

@@ -1078,31 +1078,6 @@
     ]
    }
   },
-  {
-   "id": "d49bb0510b7c7ca7",
-   "name": "busybox",
-   "version": "1.35.0",
-   "type": "binary",
-   "foundBy": "",
-   "locations": [
-    {
-     "path": "/bin/busybox",
-     "layerID": "sha256:af57c4b7f0528a43b8203bc339c656496635b7ce67b94c3f034b00a62e6fdf82"
-    }
-   ],
-   "licenses": [],
-   "language": "binary",
-   "cpes": [
-    "cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*"
-   ],
-   "purl": "",
-   "metadataType": "BinaryMetadata",
-   "metadata": {
-    "classifier": "busybox-binary",
-    "realPath": "/bin/busybox",
-    "virtualPath": "/bin/busybox"
-   }
-  },
   {
    "id": "757a346b43f898cc",
    "name": "busybox",
@@ -2426,16 +2401,6 @@
    "child": "a21cea1ea334e33",
    "type": "contains"
   },
-  {
-   "parent": "757a346b43f898cc",
-   "child": "d49bb0510b7c7ca7",
-   "type": "ownership-by-file-overlap",
-   "metadata": {
-    "files": [
-     "/bin/busybox"
-    ]
-   }
-  },
   {
    "parent": "757a346b43f898cc",
    "child": "e3e2f3630e2006e6",
@@ -2591,11 +2556,6 @@
    "child": "94014313cfcd2b71",
    "type": "contains"
   },
-  {
-   "parent": "9dd89930b3a7cc289bb4c70b85b7a910acb21240f52c405e586ca54db078a0c5",
-   "child": "d49bb0510b7c7ca7",
-   "type": "contains"
-  },
   {
    "parent": "9dd89930b3a7cc289bb4c70b85b7a910acb21240f52c405e586ca54db078a0c5",
    "child": "d9700f02cf26e8b8",
@@ -3294,7 +3254,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.62.3",
+  "version": "0.62.1",
   "configuration": {
    "configPath": "",
    "verbosity": 0,

internal/syft/fixtures/alpine.spdxjson

@@ -3,14 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "alpine@sha256:36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61",
- "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61-fd4343a9-fd0b-4530-b314-688fbdb3c9ea",
+ "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-36a03c95c2f0c83775d500101869054b927143a8320728f0e135dc151cb8ae61-9961634b-0f2a-4967-842d-cdc010da5d7c",
  "creationInfo": {
   "licenseListVersion": "3.18",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.62.3"
+   "Tool: syft-0.62.1"
   ],
-  "created": "2022-12-03T10:59:28Z",
+  "created": "2022-12-04T15:01:51Z",
   "comment": ""
  },
  "packages": [
@@ -262,24 +262,6 @@
     }
    ]
   },
-  {
-   "name": "busybox",
-   "SPDXID": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
-   "versionInfo": "1.35.0",
-   "downloadLocation": "NOASSERTION",
-   "sourceInfo": "acquired package info from the following paths: /bin/busybox",
-   "licenseConcluded": "NONE",
-   "licenseDeclared": "NONE",
-   "copyrightText": "NOASSERTION",
-   "externalRefs": [
-    {
-     "referenceCategory": "SECURITY",
-     "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*",
-     "comment": ""
-    }
-   ]
-  },
   {
    "name": "busybox",
    "SPDXID": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
@@ -1655,12 +1637,6 @@
    "relatedSpdxElement": "SPDXRef-a21cea1ea334e33",
    "relationshipType": "CONTAINS"
   },
-  {
-   "spdxElementId": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
-   "relatedSpdxElement": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
-   "relationshipType": "OTHER",
-   "comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
-  },
   {
    "spdxElementId": "SPDXRef-Package-apk-busybox-757a346b43f898cc",
    "relatedSpdxElement": "SPDXRef-e3e2f3630e2006e6",

internal/syft/fixtures/mysql.cyclonedx

@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:669f13fa-9256-491d-bdbb-9732df286324" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:fa7ce15e-d4bf-4479-b326-ebb86483ce29" version="1">
   <metadata>
-    <timestamp>2022-12-03T12:00:51+01:00</timestamp>
+    <timestamp>2022-12-04T16:03:08+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.3</version>
+        <version>0.62.1</version>
       </tool>
     </tools>
     <component bom-ref="ff873208b8358031" type="container">
@@ -2706,18 +2706,6 @@
         <property name="syft:location:3:path">/usr/lib/mysqlsh/lib/python3.9/site-packages/pycparser-2.21.dist-info/top_level.txt</property>
       </properties>
     </component>
-    <component bom-ref="ec4390d0c580e6b" type="library">
-      <name>python</name>
-      <version>3.9.13</version>
-      <cpe>cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*</cpe>
-      <properties>
-        <property name="syft:package:language">binary</property>
-        <property name="syft:package:metadataType">BinaryMetadata</property>
-        <property name="syft:package:type">binary</property>
-        <property name="syft:location:0:layerID">sha256:8848f79a3581bf86a7e56316dabb50874edc82861eded7258656f43d55aecb00</property>
-        <property name="syft:location:0:path">/usr/lib64/libpython3.9.so.1.0</property>
-      </properties>
-    </component>
     <component bom-ref="pkg:pypi/[email protected]?package-id=a3914181c2fbe0c5" type="library">
       <author>Gustavo Niemeyer &lt;[email protected]&gt;</author>
       <name>python-dateutil</name>

internal/syft/fixtures/mysql.json

@@ -242805,31 +242805,6 @@
     }
    }
   },
-  {
-   "id": "9efef1e832eed7c1",
-   "name": "python",
-   "version": "3.9.13",
-   "type": "binary",
-   "foundBy": "",
-   "locations": [
-    {
-     "path": "/usr/lib64/libpython3.9.so.1.0",
-     "layerID": "sha256:8848f79a3581bf86a7e56316dabb50874edc82861eded7258656f43d55aecb00"
-    }
-   ],
-   "licenses": [],
-   "language": "binary",
-   "cpes": [
-    "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*"
-   ],
-   "purl": "",
-   "metadataType": "BinaryMetadata",
-   "metadata": {
-    "classifier": "python-binary-lib",
-    "realPath": "/usr/lib64/libpython3.9.so.1.0",
-    "virtualPath": "/usr/lib64/libpython3.9.so.1.0"
-   }
-  },
   {
    "id": "a3914181c2fbe0c5",
    "name": "python-dateutil",
@@ -314338,11 +314313,6 @@
    "child": "9e4edc9305f3ce74",
    "type": "contains"
   },
-  {
-   "parent": "3fdbc2ee9a80a661f4aa7009ea5b4f0680094a0ad3d89582cb6cbc558691daaa",
-   "child": "9efef1e832eed7c1",
-   "type": "contains"
-  },
   {
    "parent": "3fdbc2ee9a80a661f4aa7009ea5b4f0680094a0ad3d89582cb6cbc558691daaa",
    "child": "9f58facbe8be5402",
@@ -321183,16 +321153,6 @@
    "child": "9ef3a72f63b2567",
    "type": "contains"
   },
-  {
-   "parent": "571b92f4521dba95",
-   "child": "9efef1e832eed7c1",
-   "type": "ownership-by-file-overlap",
-   "metadata": {
-    "files": [
-     "/usr/lib64/libpython3.9.so.1.0"
-    ]
-   }
-  },
   {
    "parent": "571b92f4521dba95",
    "child": "9f1704afc4eaa4d0",
@@ -471738,7 +471698,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.62.3",
+  "version": "0.62.1",
   "configuration": {
    "configPath": "",
    "verbosity": 0,

internal/syft/fixtures/mysql.spdxjson

@@ -3,14 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "mysql@sha256:96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492",
- "documentNamespace": "https://anchore.com/syft/image/mysql@sha256-96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492-b0a207ad-780b-4940-9904-540b6cf5e45e",
+ "documentNamespace": "https://anchore.com/syft/image/mysql@sha256-96439dd0d8d085cd90c8001be2c9dde07b8a68b472bd20efcbe3df78cff66492-53191ce4-ef5d-4ea8-aa07-e92d525f23e7",
  "creationInfo": {
   "licenseListVersion": "3.18",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.62.3"
+   "Tool: syft-0.62.1"
   ],
-  "created": "2022-12-03T11:01:30Z",
+  "created": "2022-12-04T15:03:45Z",
   "comment": ""
  },
  "packages": [
@@ -6028,24 +6028,6 @@
     }
    ]
   },
-  {
-   "name": "python",
-   "SPDXID": "SPDXRef-Package-binary-python-ec4390d0c580e6b",
-   "versionInfo": "3.9.13",
-   "downloadLocation": "NOASSERTION",
-   "sourceInfo": "acquired package info from the following paths: /usr/lib64/libpython3.9.so.1.0",
-   "licenseConcluded": "NONE",
-   "licenseDeclared": "NONE",
-   "copyrightText": "NOASSERTION",
-   "externalRefs": [
-    {
-     "referenceCategory": "SECURITY",
-     "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*",
-     "comment": ""
-    }
-   ]
-  },
   {
    "name": "python-dateutil",
    "SPDXID": "SPDXRef-Package-python-python-dateutil-a3914181c2fbe0c5",
@@ -131801,12 +131783,6 @@
    "relatedSpdxElement": "SPDXRef-ec2d735286e78374",
    "relationshipType": "CONTAINS"
   },
-  {
-   "spdxElementId": "SPDXRef-Package-rpm-python39-libs-571b92f4521dba95",
-   "relatedSpdxElement": "SPDXRef-Package-binary-python-ec4390d0c580e6b",
-   "relationshipType": "OTHER",
-   "comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
-  },
   {
    "spdxElementId": "SPDXRef-Package-rpm-python39-libs-571b92f4521dba95",
    "relatedSpdxElement": "SPDXRef-ec859c95d532b5ed",

internal/syft/fixtures/node.cyclonedx

@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:da6e5297-482c-4b5d-b0fb-e4b200052743" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:478e4781-0667-44df-85eb-855c9be009e9" version="1">
   <metadata>
-    <timestamp>2022-12-03T12:02:10+01:00</timestamp>
+    <timestamp>2022-12-04T16:04:18+01:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.62.3</version>
+        <version>0.62.1</version>
       </tool>
     </tools>
     <component bom-ref="36cc3d123ca150cc" type="container">
@@ -6829,12 +6829,12 @@
         <property name="syft:location:0:path">/usr/local/lib/node_modules/npm/node_modules/negotiator/package.json</property>
       </properties>
     </component>
-    <component bom-ref="pkg:generic/[email protected]?package-id=e66b7829ad2d00a0" type="library">
+    <component bom-ref="2f43fea7157cf4ce" type="library">
       <name>node</name>
       <version>16.13.2</version>
       <cpe>cpe:2.3:a:nodejs:node.js:16.13.2:*:*:*:*:*:*:*</cpe>
-      <purl>pkg:generic/[email protected]</purl>
       <properties>
+        <property name="syft:package:foundBy">node-binary-cataloger</property>
         <property name="syft:package:language">javascript</property>
         <property name="syft:package:metadataType">BinaryMetadata</property>
         <property name="syft:package:type">binary</property>