Merge branch 'main' into python-k8s-fps

* main: chore: update iterations to protect against race (anchore#1927) chore(deps): update bootstrap tools to latest versions (anchore#1922) fix: Don't use the actual redis or grpc CPEs for gems (anchore#1926)
luhring · Jul 10, 2023 · cbb7a74 · cbb7a74
2 parents c0bf8fb + d21fa84
commit cbb7a74
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -14,7 +14,7 @@ GOLANGCILINT_VERSION := v1.53.3
 GOSIMPORTS_VERSION := v0.3.8
 BOUNCER_VERSION := v0.4.0
 CHRONICLE_VERSION := v0.6.0
-GORELEASER_VERSION := v1.19.1
+GORELEASER_VERSION := v1.19.2
 YAJSV_VERSION := v1.4.1
 COSIGN_VERSION := v2.1.1
 QUILL_VERSION := v0.2.0

diff --git a/cmd/syft/cli/ui/handle_attestation_test.go b/cmd/syft/cli/ui/handle_attestation_test.go
@@ -28,7 +28,7 @@ func TestHandler_handleAttestationStarted(t *testing.T) {
 			// note: this model depends on a background reader. Multiple iterations ensures that the
 			// reader has time to at least start and process the test fixture before the runModel
 			// test harness completes (which is a fake event loop anyway).
-			iterations: 2,
+			iterations: 100,
 			eventFn: func(t *testing.T) partybus.Event {
 				reader := strings.NewReader("contents\nof\nstuff!")
 
@@ -61,7 +61,7 @@ func TestHandler_handleAttestationStarted(t *testing.T) {
 			// note: this model depends on a background reader. Multiple iterations ensures that the
 			// reader has time to at least start and process the test fixture before the runModel
 			// test harness completes (which is a fake event loop anyway).
-			iterations: 2,
+			iterations: 100,
 			eventFn: func(t *testing.T) partybus.Event {
 				reader := strings.NewReader("contents\nof\nstuff!")
 

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -466,6 +466,17 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup(
 				VendorsToRemove:  []string{"gradle"},
 			},
 		},
+		// Ruby packages
+		{
+			pkg.GemPkg,
+			candidateKey{PkgName: "redis"},
+			candidateRemovals{ProductsToRemove: []string{"redis"}},
+		},
+		{
+			pkg.GemPkg,
+			candidateKey{PkgName: "grpc"},
+			candidateRemovals{ProductsToRemove: []string{"grpc"}},
+		},
 	})
 
 // buildCandidateLookup is a convenience function for creating the defaultCandidateAdditions set