From dd4b089aa5f01952388c6e53b3d19a8521734d85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:11:34 -0500 Subject: [PATCH] Bump super-linter/super-linter from 6 to 7 (#93) * Bump super-linter/super-linter from 6 to 7 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 6 to 7. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/v6...v7) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * fix json-prettier error Signed-off-by: Brian DeHamer * fix markdown-prettier error Signed-off-by: Brian DeHamer * fix yaml-prettier errors Signed-off-by: Brian DeHamer --------- Signed-off-by: dependabot[bot] Signed-off-by: Brian DeHamer Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian DeHamer --- .github/dependabot.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/linter.yml | 2 +- RELEASE.md | 17 ++++---- __tests__/data/sbom.json | 77 +++++++++++++++++------------------- 5 files changed, 48 insertions(+), 52 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 15c1469..3731540 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,7 +10,7 @@ updates: - minor - patch ignore: - - dependency-name: "actions/attest-sbom" + - dependency-name: 'actions/attest-sbom' - package-ecosystem: npm directory: / diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8d5a4c..c72cb10 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -47,7 +47,7 @@ jobs: run: npm run ci-test test-attest-sbom: - name: Test attest-sbom action with local sbom file + name: Test attest-sbom action with local sbom file runs-on: ubuntu-latest permissions: attestations: write diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index dec2bea..fb44d8a 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -38,7 +38,7 @@ jobs: - name: Lint Codebase id: super-linter - uses: super-linter/super-linter/slim@v6 + uses: super-linter/super-linter/slim@v7 env: DEFAULT_BRANCH: main FILTER_REGEX_EXCLUDE: dist/**/* diff --git a/RELEASE.md b/RELEASE.md index 448093d..cc11b39 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,12 +1,12 @@ # Release Instructions -Follow the steps below to tag a new release for the -`actions/attest-sbom` action. +Follow the steps below to tag a new release for the `actions/attest-sbom` +action. -If changes were made to the internal `actions/attest-sbom/predicate` -action (any updates to [`./predicate/action.yaml`](./predicate/action.yml) or -any of the code in the [`./src`](./src) directory), start with step #1; -otherwise, skip directly to step #5. +If changes were made to the internal `actions/attest-sbom/predicate` action (any +updates to [`./predicate/action.yaml`](./predicate/action.yml) or any of the +code in the [`./src`](./src) directory), start with step #1; otherwise, skip +directly to step #5. 1. Merge the latest changes to the `main` branch. 1. Create and push a new predicate tag of the form `predicate@X.X.X` following 
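Review bot: In `.github/workflows/linter.yml`, the new line `uses: super-linter/super-linter/slim@v7` still references the third-party action by a mutable major tag, so the code this job runs can change upstream with no change in this repository. RELEASE.md in this same patch tells maintainers to point the internal predicate action at the SHA of its tag, and the linter step deserves the same treatment: `uses: super-linter/super-linter/slim@<full-commit-sha-of-the-v7-release> # v7.x.y` (placeholder; take the SHA from the upstream release). Dependabot can still bump SHA-pinned actions and update the trailing version comment, so the pin should not cost the update automation this commit relies on. The rest of the step and the job's `permissions:` lie outside the hunk, so how much a re-pointed tag could reach is not visible here.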
@@ -17,9 +17,8 @@ otherwise, skip directly to step #5. git push --tags ``` -1. Update the reference to the `actions/attest-sbom/predicate` - action in [`action.yml`](./action.yml) to point to the SHA of the newly - created tag. +1. Update the reference to the `actions/attest-sbom/predicate` action in + [`action.yml`](./action.yml) to point to the SHA of the newly created tag. 1. Push the `action.yml` change and open a PR. Once it has been reviewed, merge the PR and proceed with the release instructions. 1. Create a new release for the top-level action using a tag of the form diff --git a/__tests__/data/sbom.json b/__tests__/data/sbom.json index b99e92e..1dff297 100644 --- a/__tests__/data/sbom.json +++ b/__tests__/data/sbom.json 
@@ -1,41 +1,38 @@ { - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT", - "name": "./", - "documentNamespace": "https://anchore.com/syft/dir/80b363b6-87f4-4162-853f-60d402537d20", - "creationInfo": { - "licenseListVersion": "3.22", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-0.103.1" - ], - "created": "2024-01-31T18:22:50Z" - }, - "packages": [ - { - "name": "@ampproject/remapping", - "SPDXID": "SPDXRef-Package-npm--ampproject-remapping-5266573ba4f24a42", - "versionInfo": "2.2.1", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "Apache-2.0", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@ampproject\\/remapping:\\@ampproject\\/remapping:2.2.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40ampproject/remapping@2.2.1" - } - ] - } - ] -} \ No newline at end of file + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "./", + "documentNamespace": "https://anchore.com/syft/dir/80b363b6-87f4-4162-853f-60d402537d20", + "creationInfo": { + "licenseListVersion": "3.22", + "creators": ["Organization: Anchore, Inc", "Tool: syft-0.103.1"], + "created": "2024-01-31T18:22:50Z" + }, + "packages": [ + { + "name": "@ampproject/remapping", + "SPDXID": "SPDXRef-Package-npm--ampproject-remapping-5266573ba4f24a42", + "versionInfo": "2.2.1", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "Apache-2.0", + 
"copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@ampproject\\/remapping:\\@ampproject\\/remapping:2.2.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40ampproject/remapping@2.2.1" + } + ] + } + ] +}