From e100776f222d00e98b8695b7445213b286236d85 Mon Sep 17 00:00:00 2001
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Thu, 4 Apr 2024 10:33:51 -0400
Subject: [PATCH] chore: update anchore/packageurl-go to use latest commits
 (#2746)

chore: update packageurl-go dependency to use latest commits
chore: go mod tidy
unit: update + -> %2B
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---
 go.mod                                                 | 2 +-
 go.sum                                                 | 4 ++--
 syft/pkg/cataloger/alpine/package_test.go              | 2 +-
 syft/pkg/cataloger/binary/classifier_cataloger_test.go | 8 ++++----
 syft/pkg/cataloger/golang/parse_go_binary_test.go      | 2 +-
 syft/pkg/cataloger/python/cataloger_test.go            | 4 ++--
 syft/pkg/cataloger/python/package_test.go              | 2 +-
 7 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index b58bc9c95..63b8f5fda 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
-	github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426
+	github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4
 	github.com/anchore/stereoscope v0.0.2-0.20240229175558-fe426d1b1c84
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
 	// we are hinting brotli to latest due to warning when installing archiver v3:
diff --git a/go.sum b/go.sum
index 11c5782df..7bac38ecd 100644
--- a/go.sum
+++ b/go.sum
@@ -109,8 +109,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426 h1:agoiZchSf1Nnnos1azwIg5hk5Ao9TzZNBD9++AChGEg=
-github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
+github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 h1:SjemQ90fgflz39HG+VMkNfrpUVJpcFW6ZFA3TDXqzBM=
+github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.2-0.20240229175558-fe426d1b1c84 h1:/E74wU51M87fX5UWHubLZiENXbuAci+xtbSb+JFsIYg=
 github.com/anchore/stereoscope v0.0.2-0.20240229175558-fe426d1b1c84/go.mod h1:evQiJMQG56Z7/L5uhA8kfhhjF6ESJUZzUH9ms6bQ2Co=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
diff --git a/syft/pkg/cataloger/alpine/package_test.go b/syft/pkg/cataloger/alpine/package_test.go
index 23a5fffd4..78cc77417 100644
--- a/syft/pkg/cataloger/alpine/package_test.go
+++ b/syft/pkg/cataloger/alpine/package_test.go
@@ -80,7 +80,7 @@ func Test_PackageURL(t *testing.T) {
 				ID:        "alpine",
 				VersionID: "3.4.6",
 			},
-			expected: "pkg:apk/alpine/g++@v84?arch=am86&distro=alpine-3.4.6",
+			expected: "pkg:apk/alpine/g%2B%2B@v84?arch=am86&distro=alpine-3.4.6",
 		},
 		{
 			metadata: parsedData{
diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
index b9710f0d4..6257be611 100644
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -622,7 +622,7 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Name:      "java",
 				Version:   "11.0.17+8-LTS",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@11.0.17+8-LTS",
+				PURL:      "pkg:generic/java@11.0.17%2B8-LTS",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
@@ -633,7 +633,7 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Name:      "java",
 				Version:   "17.0.3+7-jvmci-22.1-b06",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@17.0.3+7-jvmci-22.1-b06",
+				PURL:      "pkg:generic/java@17.0.3%2B7-jvmci-22.1-b06",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-graalvm", "java"),
 			},
@@ -646,7 +646,7 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Name:      "java",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1+10-21",
+				PURL:      "pkg:generic/java@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
@@ -659,7 +659,7 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Name:      "java",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1+10-21",
+				PURL:      "pkg:generic/java@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go
index f4fc84fc5..583b762a0 100644
--- a/syft/pkg/cataloger/golang/parse_go_binary_test.go
+++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go
@@ -867,7 +867,7 @@ func TestBuildGoPkgInfo(t *testing.T) {
 					Language: pkg.Go,
 					Type:     pkg.GoModulePkg,
 					Version:  "v1.0.0-somethingelse+incompatible",
-					PURL:     "pkg:golang/github.com/anchore/syft@v1.0.0-somethingelse+incompatible",
+					PURL:     "pkg:golang/github.com/anchore/syft@v1.0.0-somethingelse%2Bincompatible",
 					Locations: file.NewLocationSet(
 						file.NewLocationFromCoordinates(
 							file.Coordinates{
diff --git a/syft/pkg/cataloger/python/cataloger_test.go b/syft/pkg/cataloger/python/cataloger_test.go
index 103a0757c..4ea511dcf 100644
--- a/syft/pkg/cataloger/python/cataloger_test.go
+++ b/syft/pkg/cataloger/python/cataloger_test.go
@@ -115,7 +115,7 @@ func Test_PackageCataloger(t *testing.T) {
 			expectedPackage: pkg.Package{
 				Name:     "Pygments",
 				Version:  "2.6.1",
-				PURL:     "pkg:pypi/Pygments@2.6.1?vcs_url=git+https://github.com/python-test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				PURL:     "pkg:pypi/Pygments@2.6.1?vcs_url=git%2Bhttps://github.com/python-test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 				Type:     pkg.PythonPkg,
 				Language: pkg.Python,
 				Licenses: pkg.NewLicenseSet(
@@ -154,7 +154,7 @@ func Test_PackageCataloger(t *testing.T) {
 			expectedPackage: pkg.Package{
 				Name:     "Pygments",
 				Version:  "2.6.1",
-				PURL:     "pkg:pypi/Pygments@2.6.1?vcs_url=git+https://github.com/python-test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				PURL:     "pkg:pypi/Pygments@2.6.1?vcs_url=git%2Bhttps://github.com/python-test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 				Type:     pkg.PythonPkg,
 				Language: pkg.Python,
 				Licenses: pkg.NewLicenseSet(
diff --git a/syft/pkg/cataloger/python/package_test.go b/syft/pkg/cataloger/python/package_test.go
index 58afd98b8..0b88336a7 100644
--- a/syft/pkg/cataloger/python/package_test.go
+++ b/syft/pkg/cataloger/python/package_test.go
@@ -35,7 +35,7 @@ func Test_packageURL(t *testing.T) {
 					CommitID: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 				},
 			},
-			want: "pkg:pypi/name@v0.1.0?vcs_url=git+https://github.com/test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			want: "pkg:pypi/name@v0.1.0?vcs_url=git%2Bhttps://github.com/test/test.git%40aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 		},
 	}
 	for _, tt := range tests {