feat: Update scalibr and add support for bun.lock

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.6.2
 	github.com/go-git/go-git/v5 v5.13.2
 	github.com/google/go-cmp v0.6.0
-	github.com/google/osv-scalibr v0.1.6-0.20250204042239-1e0c0f48841d
+	github.com/google/osv-scalibr v0.1.7-0.20250205161050-34e66e88be2f
 	github.com/ianlancetaylor/demangle v0.0.0-20240912202439-0a2b6291aafd
 	github.com/jedib0t/go-pretty/v6 v6.6.5
 	github.com/muesli/reflow v0.3.0

go.sum

@@ -184,6 +184,8 @@ github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l
 github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
 github.com/google/osv-scalibr v0.1.6-0.20250204042239-1e0c0f48841d h1:QoncpqAA6ehwjH6Zu9OV/TouftSIPChGH7cOPorzjWQ=
 github.com/google/osv-scalibr v0.1.6-0.20250204042239-1e0c0f48841d/go.mod h1:G4uAYcj3eBCWG0k7q8z5n9B4zcjT5iAZqQj2DbSeIoY=
+github.com/google/osv-scalibr v0.1.7-0.20250205161050-34e66e88be2f h1:wbB8jN6eUdQXS89gykLjjsybNG4KAAB9dCoUN6xlNPQ=
+github.com/google/osv-scalibr v0.1.7-0.20250205161050-34e66e88be2f/go.mod h1:QIEHZfY/muD9/oouPNaUQKpeZKr87pKOTNpXQxpVnoE=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

pkg/osvscanner/internal/scanners/extractorbuilder.go

@@ -5,7 +5,6 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/cpp/conanlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/dart/pubspec"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/dotnet/depsjson"
-	"github.com/google/osv-scalibr/extractor/filesystem/language/dotnet/packageslockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/erlang/mixlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/golang/gobinary"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/golang/gomod"
@@ -15,6 +14,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradlelockfile"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/gradleverificationmetadataxml"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/java/pomxml"
+	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/bunlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagelockjson"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/pnpmlock"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/javascript/yarnlock"
@@ -48,26 +48,51 @@ var sbomExtractors = []filesystem.Extractor{
 }
 
 var lockfileExtractors = []filesystem.Extractor{
+	// C
 	conanlock.Extractor{},
-	packageslockjson.Extractor{},
+
+	// Erlang
 	mixlock.Extractor{},
+
+	// Flutter
 	pubspec.Extractor{},
+
+	// Go
 	gomod.Extractor{},
+
+	// Java
 	gradlelockfile.Extractor{},
 	gradleverificationmetadataxml.Extractor{},
+
+	// Javascript
 	packagelockjson.Extractor{},
 	pnpmlock.Extractor{},
 	yarnlock.Extractor{},
+	bunlock.Extractor{},
+
+	// PHP
 	composerlock.Extractor{},
+
+	// Python
 	pipfilelock.Extractor{},
 	pdmlock.Extractor{},
 	poetrylock.Extractor{},
 	requirements.Extractor{},
+	uvlock.Extractor{},
+
+	// R
 	renvlock.Extractor{},
+
+	// Ruby
 	gemfilelock.Extractor{},
+
+	// Rust
 	cargolock.Extractor{},
-	uvlock.Extractor{},
+
+	// NuGet
 	depsjson.Extractor{},
+
+	// Haskell
 	cabal.Extractor{},
 	stacklock.Extractor{},
 	// TODO: map the extracted packages to SwiftURL in OSV.dev