diff --git a/go.mod b/go.mod index cc8a5a68..30c339b7 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.20 require ( github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8 github.com/anchore/stereoscope v0.0.0-20230609190519-5b5049bf4d3a - github.com/anchore/syft v0.83.1 + github.com/anchore/syft v0.84.0 github.com/in-toto/in-toto-golang v0.4.1-0.20221018183522-731d0640b65f github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.9.3 @@ -109,7 +109,7 @@ require ( go.uber.org/goleak v1.2.0 // indirect golang.org/x/crypto v0.10.0 // indirect golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect - golang.org/x/mod v0.10.0 // indirect + golang.org/x/mod v0.11.0 // indirect golang.org/x/net v0.11.0 // indirect golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.9.0 // indirect diff --git a/go.sum b/go.sum index c6178e3f..5406b814 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwM github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= github.com/anchore/stereoscope v0.0.0-20230609190519-5b5049bf4d3a h1:+Vu04kYx8/4W5WcLeg+HjTTYNNvVMEsXmW9lydK0Rz4= github.com/anchore/stereoscope v0.0.0-20230609190519-5b5049bf4d3a/go.mod h1:0LsgHgXO4QFnk2hsYwtqd3fR18PIZXlFLIl2qb9tu3g= -github.com/anchore/syft v0.83.1 h1:HWHuCHTfvcvlQaIJwHefNtDekjCbMpWLOLKmkxdoJcw= -github.com/anchore/syft v0.83.1/go.mod h1:7KRcwblqUS1pau/ZjSblPOJHM8bFGeQmsbuGutGMATE= +github.com/anchore/syft v0.84.0 h1:mU0xTGVFjuJDIr9pGjZfjcRmCdpSKsQxghZmWihdPDc= +github.com/anchore/syft v0.84.0/go.mod h1:QM2WJFbV/mvBnb7nR1yYLm0mIw0MVhjzgd/QaxYMA/g= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= @@ -674,8 +674,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= diff --git a/vendor/github.com/anchore/syft/internal/spdxlicense/license_list.go b/vendor/github.com/anchore/syft/internal/spdxlicense/license_list.go index 01513793..29db460f 100644 --- a/vendor/github.com/anchore/syft/internal/spdxlicense/license_list.go +++ b/vendor/github.com/anchore/syft/internal/spdxlicense/license_list.go @@ -1,9 +1,9 @@ // Code generated by go generate; DO NOT EDIT. -// This file was generated by robots at 2023-03-22 18:00:44.589388 -0400 EDT m=+0.160679640 +// This file was generated by robots at 2023-06-20 11:37:07.979104 -0400 EDT m=+0.478800893 // using data from https://spdx.org/licenses/licenses.json package spdxlicense -const Version = "3.20" +const Version = "3.21" var licenseIDs = map[string]string{ "0bsd": "0BSD", @@ -93,6 +93,11 @@ var licenseIDs = map[string]string{ "artistic2": "Artistic-2.0", "artistic2.0": "Artistic-2.0", "artistic2.0.0": "Artistic-2.0", + "aswfdigitalassets1": "ASWF-Digital-Assets-1.0", + "aswfdigitalassets1.0": "ASWF-Digital-Assets-1.0", + "aswfdigitalassets1.0.0": "ASWF-Digital-Assets-1.0", + "aswfdigitalassets1.1": "ASWF-Digital-Assets-1.1", + "aswfdigitalassets1.1.0": "ASWF-Digital-Assets-1.1", "baekmuk": "Baekmuk", "bahyph": "Bahyph", "barr": "Barr", @@ -108,6 +113,7 @@ var licenseIDs = map[string]string{ "blueoak1": "BlueOak-1.0.0", "blueoak1.0": "BlueOak-1.0.0", "blueoak1.0.0": "BlueOak-1.0.0", + "boehmgc": "Boehm-GC", "borceux": "Borceux", "briangladman3.0.0clause": "Brian-Gladman-3-Clause", "briangladman3.0clause": "Brian-Gladman-3-Clause", @@ -336,10 +342,13 @@ var licenseIDs = map[string]string{ "ccbysa3.0.0": "CC-BY-SA-3.0", "ccbysa3.0.0at": "CC-BY-SA-3.0-AT", "ccbysa3.0.0de": "CC-BY-SA-3.0-DE", + "ccbysa3.0.0igo": "CC-BY-SA-3.0-IGO", "ccbysa3.0at": "CC-BY-SA-3.0-AT", "ccbysa3.0de": "CC-BY-SA-3.0-DE", + "ccbysa3.0igo": "CC-BY-SA-3.0-IGO", "ccbysa3at": "CC-BY-SA-3.0-AT", "ccbysa3de": "CC-BY-SA-3.0-DE", + "ccbysa3igo": "CC-BY-SA-3.0-IGO", "ccbysa4": "CC-BY-SA-4.0", "ccbysa4.0": "CC-BY-SA-4.0", "ccbysa4.0.0": "CC-BY-SA-4.0", @@ -440,6 +449,7 @@ var licenseIDs = map[string]string{ "drl1.0": "DRL-1.0", "drl1.0.0": "DRL-1.0", "dsdp": "DSDP", + "dtoa": "dtoa", "dvipdfm": "dvipdfm", "ecl1": "ECL-1.0", "ecl1.0": "ECL-1.0", @@ -638,6 +648,9 @@ var licenseIDs = map[string]string{ "imlib2.0": "Imlib2", "imlib2.0.0": "Imlib2", "infozip": "Info-ZIP", + "innernet2": "Inner-Net-2.0", + "innernet2.0": "Inner-Net-2.0", + "innernet2.0.0": "Inner-Net-2.0", "intel": "Intel", "intelacpi": "Intel-ACPI", "interbase1": "Interbase-1.0", @@ -663,8 +676,11 @@ var licenseIDs = map[string]string{ "lal1.3": "LAL-1.3", "lal1.3.0": "LAL-1.3", "latex2.0.0e": "Latex2e", + "latex2.0.0etranslatednotice": "Latex2e-translated-notice", "latex2.0e": "Latex2e", + "latex2.0etranslatednotice": "Latex2e-translated-notice", "latex2e": "Latex2e", + "latex2etranslatednotice": "Latex2e-translated-notice", "leptonica": "Leptonica", "lgpl2": "LGPL-2.0-only", "lgpl2+": "LGPL-2.0-or-later", @@ -717,7 +733,14 @@ var licenseIDs = map[string]string{ "liliqrplus1": "LiLiQ-Rplus-1.1", "liliqrplus1.1": "LiLiQ-Rplus-1.1", "liliqrplus1.1.0": "LiLiQ-Rplus-1.1", + "linuxmanpages1.0.0para": "Linux-man-pages-1-para", + "linuxmanpages1.0para": "Linux-man-pages-1-para", + "linuxmanpages1para": "Linux-man-pages-1-para", "linuxmanpagescopyleft": "Linux-man-pages-copyleft", + "linuxmanpagescopyleft2.0.0para": "Linux-man-pages-copyleft-2-para", + "linuxmanpagescopyleft2.0para": "Linux-man-pages-copyleft-2-para", + "linuxmanpagescopyleft2para": "Linux-man-pages-copyleft-2-para", + "linuxmanpagescopyleftvar": "Linux-man-pages-copyleft-var", "linuxopenib": "Linux-OpenIB", "loop": "LOOP", "lpl1": "LPL-1.0", @@ -746,6 +769,7 @@ var licenseIDs = map[string]string{ "lzmasdk9to9.20": "LZMA-SDK-9.11-to-9.20", "makeindex": "MakeIndex", "martinbirgmeier": "Martin-Birgmeier", + "metamail": "metamail", "minpack": "Minpack", "miros": "MirOS", "mit": "MIT", @@ -754,6 +778,7 @@ var licenseIDs = map[string]string{ "mitcmu": "MIT-CMU", "mitenna": "MIT-enna", "mitfeh": "MIT-feh", + "mitfestival": "MIT-Festival", "mitmodernvariant": "MIT-Modern-Variant", "mitnfa": "MITNFA", "mitopengroup": "MIT-open-group", @@ -810,6 +835,7 @@ var licenseIDs = map[string]string{ "nicta1.0.0": "NICTA-1.0", "nistpd": "NIST-PD", "nistpdfallback": "NIST-PD-fallback", + "nistsoftware": "NIST-Software", "nlod1": "NLOD-1.0", "nlod1.0": "NLOD-1.0", "nlod1.0.0": "NLOD-1.0", @@ -908,6 +934,9 @@ var licenseIDs = map[string]string{ "oldap2.7.0": "OLDAP-2.7", "oldap2.8": "OLDAP-2.8", "oldap2.8.0": "OLDAP-2.8", + "olfl1": "OLFL-1.3", + "olfl1.3": "OLFL-1.3", + "olfl1.3.0": "OLFL-1.3", "oml": "OML", "openpbs2": "OpenPBS-2.3", "openpbs2.3": "OpenPBS-2.3", @@ -916,6 +945,9 @@ var licenseIDs = map[string]string{ "opl1": "OPL-1.0", "opl1.0": "OPL-1.0", "opl1.0.0": "OPL-1.0", + "opluk3": "OPL-UK-3.0", + "opluk3.0": "OPL-UK-3.0", + "opluk3.0.0": "OPL-UK-3.0", "opubl1": "OPUBL-1.0", "opubl1.0": "OPUBL-1.0", "opubl1.0.0": "OPUBL-1.0", @@ -1007,6 +1039,9 @@ var licenseIDs = map[string]string{ "sgib2": "SGI-B-2.0", "sgib2.0": "SGI-B-2.0", "sgib2.0.0": "SGI-B-2.0", + "sgp4": "SGP4", + "sgp4.0": "SGP4", + "sgp4.0.0": "SGP4", "shl0.5": "SHL-0.5", "shl0.5.0": "SHL-0.5", "shl0.51": "SHL-0.51", @@ -1052,6 +1087,7 @@ var licenseIDs = map[string]string{ "taprohl1.0.0": "TAPR-OHL-1.0", "tcl": "TCL", "tcpwrappers": "TCP-wrappers", + "termreadkey": "TermReadKey", "tmate": "TMate", "torque1": "TORQUE-1.1", "torque1.1": "TORQUE-1.1", @@ -1079,6 +1115,7 @@ var licenseIDs = map[string]string{ "unicodedfs2016.0": "Unicode-DFS-2016", "unicodedfs2016.0.0": "Unicode-DFS-2016", "unicodetou": "Unicode-TOU", + "unixcrypt": "UnixCrypt", "unlicense": "Unlicense", "upl1": "UPL-1.0", "upl1.0": "UPL-1.0", @@ -1103,6 +1140,7 @@ var licenseIDs = map[string]string{ "watcom1": "Watcom-1.0", "watcom1.0": "Watcom-1.0", "watcom1.0.0": "Watcom-1.0", + "widgetworkshop": "Widget-Workshop", "wsuipa": "Wsuipa", "wtfpl": "WTFPL", "wxwindows": "wxWindows", @@ -1112,7 +1150,11 @@ var licenseIDs = map[string]string{ "x11.0.0distributemodificationsvariant": "X11-distribute-modifications-variant", "x11.0distributemodificationsvariant": "X11-distribute-modifications-variant", "x11distributemodificationsvariant": "X11-distribute-modifications-variant", + "xdebug1": "Xdebug-1.03", + "xdebug1.03": "Xdebug-1.03", + "xdebug1.03.0": "Xdebug-1.03", "xerox": "Xerox", + "xfig": "Xfig", "xfree861": "XFree86-1.1", "xfree861.1": "XFree86-1.1", "xfree861.1.0": "XFree86-1.1", diff --git a/vendor/github.com/anchore/syft/syft/artifact/id.go b/vendor/github.com/anchore/syft/syft/artifact/id.go index 4b87fd29..c53ca7c9 100644 --- a/vendor/github.com/anchore/syft/syft/artifact/id.go +++ b/vendor/github.com/anchore/syft/syft/artifact/id.go @@ -22,5 +22,5 @@ func IDByHash(obj interface{}) (ID, error) { return "", fmt.Errorf("could not build ID for object=%+v: %w", obj, err) } - return ID(fmt.Sprintf("%x", f)), nil + return ID(fmt.Sprintf("%016x", f)), nil } diff --git a/vendor/golang.org/x/mod/modfile/print.go b/vendor/golang.org/x/mod/modfile/print.go index 524f9302..2a0123d4 100644 --- a/vendor/golang.org/x/mod/modfile/print.go +++ b/vendor/golang.org/x/mod/modfile/print.go @@ -16,7 +16,13 @@ import ( func Format(f *FileSyntax) []byte { pr := &printer{} pr.file(f) - return pr.Bytes() + + // remove trailing blank lines + b := pr.Bytes() + for len(b) > 0 && b[len(b)-1] == '\n' && (len(b) == 1 || b[len(b)-2] == '\n') { + b = b[:len(b)-1] + } + return b } // A printer collects the state during printing of a file or expression. @@ -59,7 +65,11 @@ func (p *printer) newline() { } p.trim() - p.printf("\n") + if b := p.Bytes(); len(b) == 0 || (len(b) >= 2 && b[len(b)-1] == '\n' && b[len(b)-2] == '\n') { + // skip the blank line at top of file or after a blank line + } else { + p.printf("\n") + } for i := 0; i < p.margin; i++ { p.printf("\t") } diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go index 6bcde8fa..b4dd7997 100644 --- a/vendor/golang.org/x/mod/modfile/rule.go +++ b/vendor/golang.org/x/mod/modfile/rule.go @@ -35,12 +35,13 @@ import ( // A File is the parsed, interpreted form of a go.mod file. type File struct { - Module *Module - Go *Go - Require []*Require - Exclude []*Exclude - Replace []*Replace - Retract []*Retract + Module *Module + Go *Go + Toolchain *Toolchain + Require []*Require + Exclude []*Exclude + Replace []*Replace + Retract []*Retract Syntax *FileSyntax } @@ -58,6 +59,12 @@ type Go struct { Syntax *Line } +// A Toolchain is the toolchain statement. +type Toolchain struct { + Name string // "go1.21rc1" + Syntax *Line +} + // An Exclude is a single exclude statement. type Exclude struct { Mod module.Version @@ -296,9 +303,13 @@ func parseToFile(file string, data []byte, fix VersionFixer, strict bool) (parse return f, nil } -var GoVersionRE = lazyregexp.New(`^([1-9][0-9]*)\.(0|[1-9][0-9]*)$`) +var GoVersionRE = lazyregexp.New(`^([1-9][0-9]*)\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))?([a-z]+[0-9]+)?$`) var laxGoVersionRE = lazyregexp.New(`^v?(([1-9][0-9]*)\.(0|[1-9][0-9]*))([^0-9].*)$`) +// Toolchains must be named beginning with `go1`, +// like "go1.20.3" or "go1.20.3-gccgo". As a special case, "default" is also permitted. +var ToolchainRE = lazyregexp.New(`^default$|^go1($|\.)`) + func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, args []string, fix VersionFixer, strict bool) { // If strict is false, this module is a dependency. // We ignore all unknown directives as well as main-module-only @@ -364,6 +375,21 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a f.Go = &Go{Syntax: line} f.Go.Version = args[0] + case "toolchain": + if f.Toolchain != nil { + errorf("repeated toolchain statement") + return + } + if len(args) != 1 { + errorf("toolchain directive expects exactly one argument") + return + } else if strict && !ToolchainRE.MatchString(args[0]) { + errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0]) + return + } + f.Toolchain = &Toolchain{Syntax: line} + f.Toolchain.Name = args[0] + case "module": if f.Module != nil { errorf("repeated module statement") @@ -612,6 +638,22 @@ func (f *WorkFile) add(errs *ErrorList, line *Line, verb string, args []string, f.Go = &Go{Syntax: line} f.Go.Version = args[0] + case "toolchain": + if f.Toolchain != nil { + errorf("repeated toolchain statement") + return + } + if len(args) != 1 { + errorf("toolchain directive expects exactly one argument") + return + } else if !ToolchainRE.MatchString(args[0]) { + errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0]) + return + } + + f.Toolchain = &Toolchain{Syntax: line} + f.Toolchain.Name = args[0] + case "use": if len(args) != 1 { errorf("usage: %s local/dir", verb) @@ -926,7 +968,7 @@ func (f *File) Cleanup() { func (f *File) AddGoStmt(version string) error { if !GoVersionRE.MatchString(version) { - return fmt.Errorf("invalid language version string %q", version) + return fmt.Errorf("invalid language version %q", version) } if f.Go == nil { var hint Expr @@ -944,6 +986,44 @@ func (f *File) AddGoStmt(version string) error { return nil } +// DropGoStmt deletes the go statement from the file. +func (f *File) DropGoStmt() { + if f.Go != nil { + f.Go.Syntax.markRemoved() + f.Go = nil + } +} + +// DropToolchainStmt deletes the toolchain statement from the file. +func (f *File) DropToolchainStmt() { + if f.Toolchain != nil { + f.Toolchain.Syntax.markRemoved() + f.Toolchain = nil + } +} + +func (f *File) AddToolchainStmt(name string) error { + if !ToolchainRE.MatchString(name) { + return fmt.Errorf("invalid toolchain name %q", name) + } + if f.Toolchain == nil { + var hint Expr + if f.Go != nil && f.Go.Syntax != nil { + hint = f.Go.Syntax + } else if f.Module != nil && f.Module.Syntax != nil { + hint = f.Module.Syntax + } + f.Toolchain = &Toolchain{ + Name: name, + Syntax: f.Syntax.addLine(hint, "toolchain", name), + } + } else { + f.Toolchain.Name = name + f.Syntax.updateLine(f.Toolchain.Syntax, "toolchain", name) + } + return nil +} + // AddRequire sets the first require line for path to version vers, // preserving any existing comments for that line and removing all // other lines for path. @@ -1387,13 +1467,21 @@ func (f *File) DropRetract(vi VersionInterval) error { func (f *File) SortBlocks() { f.removeDups() // otherwise sorting is unsafe + // semanticSortForExcludeVersionV is the Go version (plus leading "v") at which + // lines in exclude blocks start to use semantic sort instead of lexicographic sort. + // See go.dev/issue/60028. + const semanticSortForExcludeVersionV = "v1.21" + useSemanticSortForExclude := f.Go != nil && semver.Compare("v"+f.Go.Version, semanticSortForExcludeVersionV) >= 0 + for _, stmt := range f.Syntax.Stmt { block, ok := stmt.(*LineBlock) if !ok { continue } less := lineLess - if block.Token[0] == "retract" { + if block.Token[0] == "exclude" && useSemanticSortForExclude { + less = lineExcludeLess + } else if block.Token[0] == "retract" { less = lineRetractLess } sort.SliceStable(block.Line, func(i, j int) bool { @@ -1496,6 +1584,22 @@ func lineLess(li, lj *Line) bool { return len(li.Token) < len(lj.Token) } +// lineExcludeLess reports whether li should be sorted before lj for lines in +// an "exclude" block. +func lineExcludeLess(li, lj *Line) bool { + if len(li.Token) != 2 || len(lj.Token) != 2 { + // Not a known exclude specification. + // Fall back to sorting lexicographically. + return lineLess(li, lj) + } + // An exclude specification has two tokens: ModulePath and Version. + // Compare module path by string order and version by semver rules. + if pi, pj := li.Token[0], lj.Token[0]; pi != pj { + return pi < pj + } + return semver.Compare(li.Token[1], lj.Token[1]) < 0 +} + // lineRetractLess returns whether li should be sorted before lj for lines in // a "retract" block. It treats each line as a version interval. Single versions // are compared as if they were intervals with the same low and high version. diff --git a/vendor/golang.org/x/mod/modfile/work.go b/vendor/golang.org/x/mod/modfile/work.go index 0c0e5215..75dc1c54 100644 --- a/vendor/golang.org/x/mod/modfile/work.go +++ b/vendor/golang.org/x/mod/modfile/work.go @@ -12,9 +12,10 @@ import ( // A WorkFile is the parsed, interpreted form of a go.work file. type WorkFile struct { - Go *Go - Use []*Use - Replace []*Replace + Go *Go + Toolchain *Toolchain + Use []*Use + Replace []*Replace Syntax *FileSyntax } @@ -109,7 +110,7 @@ func (f *WorkFile) Cleanup() { func (f *WorkFile) AddGoStmt(version string) error { if !GoVersionRE.MatchString(version) { - return fmt.Errorf("invalid language version string %q", version) + return fmt.Errorf("invalid language version %q", version) } if f.Go == nil { stmt := &Line{Token: []string{"go", version}} @@ -117,7 +118,7 @@ func (f *WorkFile) AddGoStmt(version string) error { Version: version, Syntax: stmt, } - // Find the first non-comment-only block that's and add + // Find the first non-comment-only block and add // the go statement before it. That will keep file comments at the top. i := 0 for i = 0; i < len(f.Syntax.Stmt); i++ { @@ -133,6 +134,56 @@ func (f *WorkFile) AddGoStmt(version string) error { return nil } +func (f *WorkFile) AddToolchainStmt(name string) error { + if !ToolchainRE.MatchString(name) { + return fmt.Errorf("invalid toolchain name %q", name) + } + if f.Toolchain == nil { + stmt := &Line{Token: []string{"toolchain", name}} + f.Toolchain = &Toolchain{ + Name: name, + Syntax: stmt, + } + // Find the go line and add the toolchain line after it. + // Or else find the first non-comment-only block and add + // the toolchain line before it. That will keep file comments at the top. + i := 0 + for i = 0; i < len(f.Syntax.Stmt); i++ { + if line, ok := f.Syntax.Stmt[i].(*Line); ok && len(line.Token) > 0 && line.Token[0] == "go" { + i++ + goto Found + } + } + for i = 0; i < len(f.Syntax.Stmt); i++ { + if _, ok := f.Syntax.Stmt[i].(*CommentBlock); !ok { + break + } + } + Found: + f.Syntax.Stmt = append(append(f.Syntax.Stmt[:i:i], stmt), f.Syntax.Stmt[i:]...) + } else { + f.Toolchain.Name = name + f.Syntax.updateLine(f.Toolchain.Syntax, "toolchain", name) + } + return nil +} + +// DropGoStmt deletes the go statement from the file. +func (f *WorkFile) DropGoStmt() { + if f.Go != nil { + f.Go.Syntax.markRemoved() + f.Go = nil + } +} + +// DropToolchainStmt deletes the toolchain statement from the file. +func (f *WorkFile) DropToolchainStmt() { + if f.Toolchain != nil { + f.Toolchain.Syntax.markRemoved() + f.Toolchain = nil + } +} + func (f *WorkFile) AddUse(diskPath, modulePath string) error { need := true for _, d := range f.Use { diff --git a/vendor/modules.txt b/vendor/modules.txt index 459c5716..da4952f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -80,7 +80,7 @@ github.com/anchore/stereoscope/pkg/image/oci github.com/anchore/stereoscope/pkg/image/sif github.com/anchore/stereoscope/pkg/tree github.com/anchore/stereoscope/pkg/tree/node -# github.com/anchore/syft v0.83.1 +# github.com/anchore/syft v0.84.0 ## explicit; go 1.19 github.com/anchore/syft/internal github.com/anchore/syft/internal/bus @@ -627,7 +627,7 @@ golang.org/x/crypto/ssh/knownhosts golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/mod v0.10.0 +# golang.org/x/mod v0.11.0 ## explicit; go 1.17 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/modfile