From a455b8eb4914348ce67327de491758d64e48bc8d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Sep 2024 17:09:28 +0000
Subject: [PATCH 1/2] build(deps): bump github.com/anchore/grype from 0.80.0 to 0.80.1
Bumps [github.com/anchore/grype](https://github.com/anchore/grype) from 0.80.0 to 0.80.1. - [Release notes](https://github.com/anchore/grype/releases) - [Changelog](https://github.com/anchore/grype/blob/main/.goreleaser.yaml) - [Commits](https://github.com/anchore/grype/compare/v0.80.0...v0.80.1) --- updated-dependencies: - dependency-name: github.com/anchore/grype dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot]
---
 go.mod | 8 ++++----
 go.sum | 14 ++++++++------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/go.mod b/go.mod
index 895f4908..d09173bd 100644
--- a/go.mod
+++ b/go.mod
@@ -15,9 +15,9 @@ require (
 chainguard.dev/melange v0.12.0
 cloud.google.com/go/storage v1.43.0
 github.com/adrg/xdg v0.5.0
- github.com/anchore/grype v0.80.0
+ github.com/anchore/grype v0.80.1
 github.com/anchore/stereoscope v0.0.3
- github.com/anchore/syft v1.11.1
+ github.com/anchore/syft v1.12.2
 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f
 github.com/chainguard-dev/yam v0.1.1
 github.com/charmbracelet/bubbles v0.20.0
@@ -349,14 +349,14 @@ require (
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
- gorm.io/gorm v1.25.11 // indirect
+ gorm.io/gorm v1.25.12 // indirect
 k8s.io/apimachinery v0.31.1 // indirect
 k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 modernc.org/libc v1.55.3 // indirect
 modernc.org/mathutil v1.6.0 // indirect
 modernc.org/memory v1.8.0 // indirect
- modernc.org/sqlite v1.32.0 // indirect
+ modernc.org/sqlite v1.33.0 // indirect
 mvdan.cc/sh/v3 v3.8.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 3099c11c..a0ab6601 100644
--- a/go.sum
+++ b/go.sum
@@ -244,6 +244,8 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA
 github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/Rr4=
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
+github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
 github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE=
@@ -273,14 +275,14 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype v0.80.0 h1:nedqwzcfyVQprEjTAY7X2w8sm0hKkCLSBf3TEDgXsRo=
-github.com/anchore/grype v0.80.0/go.mod h1:G9VpcSwea0sLMyOjdO2u9utNDBSC+4yeZ4GEr6tB1NQ=
+github.com/anchore/grype v0.80.1 h1:UpnvdHhZL5nEBhGNYHOdm3v9wdGt1lcl4gErFrcT3bc=
+github.com/anchore/grype v0.80.1/go.mod h1:Louf0XvhgWaUluXpVTRk6aVLOdyG0/4/AwG28TOaSaM=
 github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f h1:B/E9ixKNCasntpoch61NDaQyGPDXLEJlL+B9B/PbdbA=
 github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.3 h1:JRPHySy8S6P+Ff3IDiQ29ap1i8/laUQxDk9K1eFh/2U=
 github.com/anchore/stereoscope v0.0.3/go.mod h1:5DJheGPjVRsSqegTB24Zi6SCHnYQnA519yeIG+RG+I4=
-github.com/anchore/syft v1.11.1 h1:uJVmZ1WuhMw2cutCsBj0aUgUZxaNlbBNimZEISFttWY=
-github.com/anchore/syft v1.11.1/go.mod h1:iwb+87tx6Fg2+1bzKEzgNcaBS6zjFSx59uraw24xtIY=
+github.com/anchore/syft v1.12.2 h1:K5YXJ2Ox4C3+Q+rA4jDpsLAoYNd27RMfinvY2JmbEiM=
+github.com/anchore/syft v1.12.2/go.mod h1:xFMGMFmhWTK0CJvaKwz6OPVgRdcyCkl7QO/3O/JAXI0=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
@@ -1886,8 +1888,8 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/gorm v1.25.11 h1:/Wfyg1B/je1hnDx3sMkX+gAlxrlZpn6X0BXRlwXlvHg=
-gorm.io/gorm v1.25.11/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
+gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
 gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
 gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
From e289f1c58981b78a01c77274176588a12252f3b7 Mon Sep 17 00:00:00 2001
From: Dan Luhring
Date: Fri, 13 Sep 2024 14:06:21 -0500
Subject: [PATCH 2/2] chore(sbom): update golden files for syft fix
Signed-off-by: Dan Luhring
---
 .../testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json | 2 +-
 .../goldenfiles/aarch64/terraform-1.5.7-r12.apk.syft.json | 2 +-
 .../goldenfiles/aarch64/thanos-0.32-0.32.5-r4.apk.syft.json | 2 +-
 .../testdata/goldenfiles/x86_64/crane-0.19.1-r6.apk.syft.json | 2 +-
 .../goldenfiles/x86_64/terraform-1.5.7-r12.apk.syft.json | 2 +-
 .../goldenfiles/x86_64/thanos-0.32-0.32.5-r4.apk.syft.json | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json b/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json
index 2ef4921b..7d7fe051 100644
--- a/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/crane-0.19.1-r6.apk.syft.json
@@ -747,7 +747,7 @@
 "name": "stdlib",
 "version": "go1.22.4",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/crane",
diff --git a/pkg/sbom/testdata/goldenfiles/aarch64/terraform-1.5.7-r12.apk.syft.json b/pkg/sbom/testdata/goldenfiles/aarch64/terraform-1.5.7-r12.apk.syft.json
index 8cc26701..ef700a31 100644
--- a/pkg/sbom/testdata/goldenfiles/aarch64/terraform-1.5.7-r12.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/terraform-1.5.7-r12.apk.syft.json
@@ -5766,7 +5766,7 @@
 "name": "stdlib",
 "version": "go1.22.4",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/terraform",
diff --git a/pkg/sbom/testdata/goldenfiles/aarch64/thanos-0.32-0.32.5-r4.apk.syft.json b/pkg/sbom/testdata/goldenfiles/aarch64/thanos-0.32-0.32.5-r4.apk.syft.json
index d418a929..2816d4d2 100644
--- a/pkg/sbom/testdata/goldenfiles/aarch64/thanos-0.32-0.32.5-r4.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/aarch64/thanos-0.32-0.32.5-r4.apk.syft.json
@@ -7598,7 +7598,7 @@
 "name": "stdlib",
 "version": "go1.21.5",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/thanos",
diff --git a/pkg/sbom/testdata/goldenfiles/x86_64/crane-0.19.1-r6.apk.syft.json b/pkg/sbom/testdata/goldenfiles/x86_64/crane-0.19.1-r6.apk.syft.json
index 59f06496..ee49a7c0 100644
--- a/pkg/sbom/testdata/goldenfiles/x86_64/crane-0.19.1-r6.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/x86_64/crane-0.19.1-r6.apk.syft.json
@@ -751,7 +751,7 @@
 "name": "stdlib",
 "version": "go1.22.4",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/crane",
diff --git a/pkg/sbom/testdata/goldenfiles/x86_64/terraform-1.5.7-r12.apk.syft.json b/pkg/sbom/testdata/goldenfiles/x86_64/terraform-1.5.7-r12.apk.syft.json
index 6c44c544..ef51808e 100644
--- a/pkg/sbom/testdata/goldenfiles/x86_64/terraform-1.5.7-r12.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/x86_64/terraform-1.5.7-r12.apk.syft.json
@@ -5770,7 +5770,7 @@
 "name": "stdlib",
 "version": "go1.22.4",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/terraform",
diff --git a/pkg/sbom/testdata/goldenfiles/x86_64/thanos-0.32-0.32.5-r4.apk.syft.json b/pkg/sbom/testdata/goldenfiles/x86_64/thanos-0.32-0.32.5-r4.apk.syft.json
index 8389352c..5170a331 100644
--- a/pkg/sbom/testdata/goldenfiles/x86_64/thanos-0.32-0.32.5-r4.apk.syft.json
+++ b/pkg/sbom/testdata/goldenfiles/x86_64/thanos-0.32-0.32.5-r4.apk.syft.json
@@ -7602,7 +7602,7 @@
 "name": "stdlib",
 "version": "go1.21.5",
 "type": "go-module",
- "foundBy": "",
+ "foundBy": "go-module-binary-cataloger",
 "locations": [
 {
 "path": "usr/bin/thanos",