Update syft bootstrap tools to latest versions. #1204

Merged
merged 2 commits into from
Sep 14, 2022

@anchore-actions-token-generator anchore-actions-token-generator bot commented Sep 14, 2022

@anchore-actions-token-generator anchore-actions-token-generator bot added the dependencies Involves changes to go.mod go.sum label Sep 14, 2022
@westonsteimel

To resolve CVE-2022-36056 in cosign

github-actions bot commented Sep 14, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    11.4ms ± 0%    13.2ms ±10%  +15.52%  (p=0.008 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.30ms ± 2%    1.60ms ±10%  +22.83%  (p=0.016 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2            3.24ms ± 1%    4.06ms ± 7%  +25.21%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.07ms ± 1%    1.27ms ± 7%  +19.28%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         744µs ± 1%     871µs ± 1%  +17.07%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     876µs ± 0%    1040µs ± 4%  +18.68%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                    1.27ms ± 1%    1.47ms ± 2%  +15.81%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      14.3ms ± 1%    16.3ms ± 1%  +14.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.21ms ± 1%    1.40ms ± 2%  +15.47%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.21µs ± 1%    2.46µs ± 5%  +11.40%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.36ms ± 1%    1.60ms ± 6%  +17.37%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    707µs ± 0%     895µs ± 2%  +26.45%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             944kB ± 0%     945kB ± 0%     ~     (p=0.151 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     214kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     203kB ± 0%     203kB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                     302kB ± 0%     301kB ± 0%   -0.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                369kB ± 0%     369kB ± 0%     ~     (p=0.905 n=5+4)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%     ~     (p=0.151 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=0.365 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.25k ± 0%     4.25k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             16.6k ± 0%     16.6k ± 0%     ~     (p=0.294 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.53k ± 0%     5.53k ± 0%     ~     (p=0.651 n=5+4)
ImagePackageCatalogers/javascript-package-cataloger-2         3.32k ± 0%     3.32k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.60k ± 0%     4.60k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpm-db-cataloger-2                     8.13k ± 0%     8.13k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%   +0.02%  (p=0.024 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.43k ± 0%     5.43k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.27k ± 0%     7.27k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.59k ± 0%     3.59k ± 0%     ~     (all equal)

@westonsteimel

Looks like there are some license issues with some deps getting flagged by bouncer

kzantow commented Sep 14, 2022

Yeah:

Unallowable license () from "github.com/alibabacloud-go/cr-20160607/client"
Unallowable license () from "github.com/alibabacloud-go/tea-xml/service"

@kzantow kzantow force-pushed the auto/latest-bootstrap-tools branch from 918be7a to a4d54dc Compare September 14, 2022 19:00
@kzantow kzantow merged commit 0a1cd25 into main Sep 14, 2022
@kzantow kzantow deleted the auto/latest-bootstrap-tools branch September 14, 2022 19:28
spiffcs added a commit to luhring/syft that referenced this pull request Sep 19, 2022
* main:
  bug: remove chance for panic; provide default attestation path (anchore#1214)
  refactor: update Makefile organization; update DEVELOPING.md instructions (anchore#1212)
  refactor: replace ioutil=>io; update linter (anchore#1211)
  Update bootstrap tools to latest versions. (anchore#1204)
  Add gosimports (anchore#1205)
  refactor: move formats from internal into syft module (anchore#1172)
  warn on errors from RPM DB parsing (anchore#1200)
  docs: improve Singularity image source docs (anchore#1190)

Signed-off-by: Christopher Phillips <[email protected]>
spiffcs pushed a commit that referenced this pull request Sep 19, 2022
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024