From c0c089ffd5a5560859f49fe3e968f4850b4e6ae9 Mon Sep 17 00:00:00 2001 From: Dan Luhring Date: Mon, 10 Jul 2023 10:24:42 -0400 Subject: [PATCH 1/3] fix: Don't use the actual redis or grpc CPEs for gems (#1926) Signed-off-by: Dan Luhring --- .../cataloger/common/cpe/candidate_by_package_type.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go index 875b6dad02c..6588ea8bb18 100644 --- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go +++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go @@ -461,6 +461,17 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup( VendorsToRemove: []string{"gradle"}, }, }, + // Ruby packages + { + pkg.GemPkg, + candidateKey{PkgName: "redis"}, + candidateRemovals{ProductsToRemove: []string{"redis"}}, + }, + { + pkg.GemPkg, + candidateKey{PkgName: "grpc"}, + candidateRemovals{ProductsToRemove: []string{"grpc"}}, + }, }) // buildCandidateLookup is a convenience function for creating the defaultCandidateAdditions set From d5d95da3b609f76497e4918b8d43a78323cb6d0d Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Mon, 10 Jul 2023 11:03:09 -0400 Subject: [PATCH 2/3] chore(deps): update bootstrap tools to latest versions (#1922) Signed-off-by: GitHub Co-authored-by: spiffcs --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e2f0707e97d..5e2d700a004 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ GOLANGCILINT_VERSION := v1.53.3 GOSIMPORTS_VERSION := v0.3.8 BOUNCER_VERSION := v0.4.0 CHRONICLE_VERSION := v0.6.0 -GORELEASER_VERSION := v1.19.1 +GORELEASER_VERSION := v1.19.2 YAJSV_VERSION := v1.4.1 COSIGN_VERSION := v2.1.1 QUILL_VERSION := v0.2.0 From d21fa843352f88154cc8d20d56dc22f07dbfe46f Mon Sep 17 00:00:00 2001 
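Review bot: The two new `pkg.GemPkg` entries carry only the label `// Ruby packages`, so the reason the `redis` and `grpc` products are dropped is recorded only in the commit subject. A comment such as `// gems named redis/grpc are not the upstream products: drop those product candidates so upstream CVEs are not matched to the gem` would keep that reasoning next to the data. The removal is keyed on package name alone, so it applies to every version of the gem; an advisory catalogued under the same product name that does affect the gem would presumably stop matching through CPEs, which is worth confirming for both gems. The diffstat shows only this file changed, so no test case pins the new removals. The `defaultCandidateRemovals` literal starts above the hunk.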
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Date: Mon, 10 Jul 2023 11:44:54 -0400 Subject: [PATCH 3/3] chore: update iterations to protect against race (#1927) * chore: update iterations to protect against race --------- Signed-off-by: Christopher Phillips --- cmd/syft/cli/ui/handle_attestation_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/syft/cli/ui/handle_attestation_test.go b/cmd/syft/cli/ui/handle_attestation_test.go index 6fcc9fbfea2..12f6bf4c314 100644 --- a/cmd/syft/cli/ui/handle_attestation_test.go +++ b/cmd/syft/cli/ui/handle_attestation_test.go @@ -28,7 +28,7 @@ func TestHandler_handleAttestationStarted(t *testing.T) { // note: this model depends on a background reader. Multiple iterations ensures that the // reader has time to at least start and process the test fixture before the runModel // test harness completes (which is a fake event loop anyway). - iterations: 2, + iterations: 100, eventFn: func(t *testing.T) partybus.Event { reader := strings.NewReader("contents\nof\nstuff!") @@ -61,7 +61,7 @@ func TestHandler_handleAttestationStarted(t *testing.T) { // note: this model depends on a background reader. Multiple iterations ensures that the // reader has time to at least start and process the test fixture before the runModel // test harness completes (which is a fake event loop anyway). - iterations: 2, + iterations: 100, eventFn: func(t *testing.T) partybus.Event { reader := strings.NewReader("contents\nof\nstuff!")
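Review bot: `iterations: 100` in the first test case (and the identical change in the second hunk) makes the race less likely rather than removing it. The test still passes only if the background reader is scheduled and drains the fixture within a fixed number of passes of the fake event loop, so it can still flake on a loaded CI runner. The unchanged comment above says multiple iterations "ensures" the reader has time, which overstates this; I would reword it to something like `// note: 100 is a heuristic to give the background reader time to run; it does not synchronize with it`. If the harness allows it, waiting on an explicit signal that the reader has consumed the fixture would be deterministic, and a shared constant would avoid repeating the literal in both cases. The table entries and the test function continue outside both hunks.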