fix: duplicate packages, support pnpm lockfile v6 #1778

Merged: 1 commit, May 23, 2023


kzantow (Contributor) commented May 3, 2023

When #1752 was merged, it was overlooked that it could create duplicate packages. This PR prevents duplicate packages from being added and also adds support for PNPM lock file version 6.

Fixes #1762

Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow requested a review from a team May 5, 2023 15:52
kzantow merged commit a3c5550 into anchore:main May 23, 2023
kzantow deleted the fix/duplicate-pnpm-packages branch May 23, 2023 14:24
spiffcs added a commit that referenced this pull request Jun 5, 2023
* main: (21 commits)
  chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862)
  chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863)
  feat: source-version flag (#1859)
  chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851)
  accept main.version ldflags even without vcs (#1855)
  feat: add scope to pom properties (#1779)
  chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852)
  chore(deps): bump github.com/docker/docker (#1849)
  Add test to ensure package metadata is represented in the JSON schema (#1841)
  Fix directory resolver to consider CWD and root path input correctly (#1840)
  Migrate location-related structs to the file package (#1751)
  chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843)
  fix: add panic recovery for license parse (#1839)
  chore: return both failures when failed to retrieve an image with a scheme (#1801)
  Extract go module versions from ldflags for binaries built by go (#1832)
  fix: duplicate packages, support pnpm lockfile v6 (#1778)
  chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
  chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829)
  chore(deps): bump github.com/docker/docker (#1833)
  Keep original FileInfo persisted on file.Metadata structs (#1794)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024

Successfully merging this pull request may close these issues.

PNPM improvements: scanning does not support v6 and can result in duplicate packages