Purls implementation #86

Draft
crozzy wants to merge 77 commits into purls from purls-implementation

@crozzy crozzy commented Nov 14, 2025

No description provided.

@crozzy crozzy force-pushed the purls-implementation branch from a0dc510 to b41dc51 Compare November 18, 2025 16:21
@crozzy crozzy force-pushed the purls branch 2 times, most recently from 0f94cbe to f3a3d0f Compare December 8, 2025 18:16
@crozzy crozzy force-pushed the purls branch 2 times, most recently from cb31ad4 to 55081fb Compare December 17, 2025 17:55
@crozzy crozzy force-pushed the purls-implementation branch 2 times, most recently from a076ce9 to 78c3912 Compare December 17, 2025 23:21
guzalv and others added 3 commits December 30, 2025 23:37
Fix bug where filesystem walk errors from rpm.FindDBs were silently
swallowed. The defer attempted to modify a local 'err' variable but
couldn't affect the returned error value due to unnamed return params.

Changed function signature to use named return parameters matching the
pattern in rpm.Scanner. This allows the defer to modify the returned
error value. Using a bare return statement makes it clear that the
defer will set the final error value.

The bug caused PackageScanner to return ([], nil) when encountering
filesystem errors (e.g., from zombie processes in /proc), instead of
properly propagating the error.

Signed-off-by: Guzman <guz@redhat.com>
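
The failure mode described in the commit message above, reduced to a runnable Go program. This is an added example, not claircore code: `findDBs`, `scanUnnamed`, `scanNamed` and `errWalk` are hypothetical stand-ins, and the deferred error check is an assumed shape for the real call.

```go
package main

import (
	"errors"
	"fmt"
)

// errWalk is a constructed error standing in for a filesystem walk failure.
var errWalk = errors.New("walk /proc/1234/root: no such process")

// findDBs is a hypothetical discovery helper: it returns what it found plus a
// function that reports any walk error once iteration is finished.
func findDBs() ([]string, func() error) {
	return nil, func() error { return errWalk }
}

// scanUnnamed has unnamed results. "return paths, err" copies the values into
// the result slots first; the defer then updates only the local err, so the
// caller sees (nil, nil) and the walk failure is lost.
func scanUnnamed() ([]string, error) {
	var err error
	paths, walkErr := findDBs()
	defer func() {
		err = errors.Join(err, walkErr())
	}()
	return paths, err
}

// scanNamed uses named results. The deferred closure writes to the result
// slot itself, so the bare return hands the joined error to the caller.
func scanNamed() (paths []string, err error) {
	paths, walkErr := findDBs()
	defer func() {
		err = errors.Join(err, walkErr())
	}()
	return
}

func main() {
	_, err := scanUnnamed()
	fmt.Printf("unnamed results: err=%v\n", err)
	_, err = scanNamed()
	fmt.Printf("named results:   err=%v\n", err)
}
```

For a scanner, the swallowed case means an empty package list that is indistinguishable from a clean scan, so a regression test should assert on the returned error rather than on the package count.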
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.7.6 to 5.8.0.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.7.6...v5.8.0)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.40.1 to 1.42.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.40.1...v1.42.2)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@crozzy crozzy force-pushed the purls-implementation branch from 78c3912 to bffc3a7 Compare January 2, 2026 19:54
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/spdx/tools-golang/releases)
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md)
- [Commits](spdx/tools-golang@v0.5.5...v0.5.6)

---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
  dependency-version: 0.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@crozzy crozzy force-pushed the purls-implementation branch from bffc3a7 to 478d3c6 Compare January 2, 2026 23:03
hdonnay added 17 commits January 5, 2026 11:39
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
🫡

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
This adds a different API to the `toolkit/events` package that
forwards to a `slog.Handler` extracted from a `context.Context`. This
deprecates the (unused) `Group`/`Sink`/`Event` architecture in favor of
a much simpler facade.

The end goal of this addition is to allow claircore components to emit
events into a separate per-request (whatever that means) event stream.

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
@crozzy crozzy force-pushed the purls-implementation branch from 478d3c6 to 212f2c1 Compare January 5, 2026 21:53
dependabot bot added 2 commits January 12, 2026 03:29
Bumps [github.com/quay/claircore/toolkit](https://github.com/quay/claircore) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/quay/claircore/releases)
- [Changelog](https://github.com/quay/claircore/blob/main/CHANGELOG.md)
- [Commits](quay/claircore@v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/quay/claircore/toolkit
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the golang-x group with 3 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/crypto` from 0.46.0 to 0.47.0
- [Commits](golang/crypto@v0.46.0...v0.47.0)

Updates `golang.org/x/net` from 0.48.0 to 0.49.0
- [Commits](golang/net@v0.48.0...v0.49.0)

Updates `golang.org/x/sys` from 0.39.0 to 0.40.0
- [Commits](golang/sys@v0.39.0...v0.40.0)

Updates `golang.org/x/text` from 0.32.0 to 0.33.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.32.0...v0.33.0)

Updates `golang.org/x/tools` from 0.40.0 to 0.41.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.40.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/text
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/tools
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
@crozzy crozzy force-pushed the purls-implementation branch 2 times, most recently from 4d57690 to 97b4e6d Compare January 13, 2026 23:14
crozzy and others added 15 commits January 14, 2026 11:56
The function that checks if files were installed via RPMs gates the
paths it considers with a regex; this regex was missing some binary
paths that (when evaluated) don't contain a preceding slash. This also
adds a path where the golang binaries are installed in some RH images.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
While thinking about quay#1728, I noticed that these are wrong and will
probably subtly break things.

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back. This patch minimally changes the matching logic to ensure the
version code name isn't needed.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back. This patch minimally changes the matching logic to ensure the
version code name isn't needed.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to Maven PURLs
and back. The group ID is extracted from the Package.Name and used as
the PURL Namespace.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back. Uses distro qualifier to pass DID-VERSION but also supports
distro_cpe as SUSE is a distro that includes a CPE in their os-release
file.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back. Uses distro qualifier to pass DID-VERSION but also supports
distro_cpe as Amazon Linux is a distro that includes a CPE in their os-release
file.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
Add GeneratePURL and ParsePURL to translate from IndexRecord to PURL and
back.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
There are now versions 4 and 5 that should be referenced in the code
because this is not an updater that supports dynamic distribution
discovery (yet).

Signed-off-by: crozzy <joseph.crosland@gmail.com>
@crozzy crozzy force-pushed the purls-implementation branch from 97b4e6d to 99b48ff Compare January 14, 2026 21:47
3 participants