Fix dependency errors

go.mod

@@ -115,40 +115,8 @@ require (
 	github.com/twitchtv/twirp v8.1.3+incompatible
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/xlab/treeprint v1.2.0
-	go.etcd.io/bbolt v1.3.9
-	go.uber.org/zap v1.27.0
-	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
-	golang.org/x/mod v0.15.0
-	golang.org/x/net v0.21.0
-	golang.org/x/sync v0.6.0
-	golang.org/x/term v0.17.0
-	golang.org/x/text v0.14.0
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
-	google.golang.org/protobuf v1.33.0
-	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.29.1
-	k8s.io/utils v0.0.0-20231127182322-b307cd553661
-	modernc.org/sqlite v1.28.0
-)
-
-require (
-	github.com/alecthomas/chroma v0.10.0
-	github.com/antchfx/htmlquery v1.3.0
-	github.com/apparentlymart/go-cidr v1.1.0
-	github.com/aws/smithy-go v1.20.2
-	github.com/hashicorp/go-uuid v1.0.3
-	github.com/hashicorp/go-version v1.6.0
-	github.com/hashicorp/hc-install v0.6.3
-	github.com/hashicorp/hcl/v2 v2.19.1
-	github.com/hashicorp/terraform-exec v0.20.0
-	github.com/liamg/iamgo v0.0.9
-	github.com/liamg/memoryfs v1.6.0
-	github.com/mitchellh/go-homedir v1.1.0
-	github.com/owenrumney/squealer v1.2.2
-	github.com/zclconf/go-cty v1.14.1
-	github.com/zclconf/go-cty-yaml v1.0.3
 	go.etcd.io/bbolt v1.3.10
-	golang.org/x/crypto v0.23.0
+	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 	golang.org/x/mod v0.17.0
 	golang.org/x/net v0.25.0
@@ -158,10 +126,16 @@ require (
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 	google.golang.org/protobuf v1.34.1
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.15.1
 	k8s.io/api v0.30.1
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661
 	modernc.org/sqlite v1.29.10
+)
+
+require (
+	github.com/zclconf/go-cty v1.14.4
+	github.com/zclconf/go-cty-yaml v1.0.3
+	golang.org/x/crypto v0.23.0
+	helm.sh/helm/v3 v3.15.1
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -419,7 +393,6 @@ require (
 	go.opentelemetry.io/otel/trace v1.27.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/oauth2 v0.18.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/time v0.5.0 // indirect

pkg/dependency/parser/executable/nodejs/parse.go

@@ -5,10 +5,10 @@ package nodejsparser
 import (
 	"bytes"
 	"regexp"
+
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency"
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
 	exe "github.com/aquasecurity/trivy/pkg/dependency/parser/executable"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	xio "github.com/aquasecurity/trivy/pkg/x/io"
@@ -20,12 +20,12 @@ var (
 
 type Parser struct{}
 
-func NewParser() types.Parser {
+func NewParser() *Parser {
 	return &Parser{}
 }
 
 // Parse scans file to try to report the NodeJS version.
-func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
 	x, err := exe.OpenExe(r)
 	if err != nil {
 		return nil, nil, ErrUnrecognizedExe
@@ -36,9 +36,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		return nil, nil, nil
 	}
 
-	var libs []types.Library
-	libs = append(libs, types.Library{
-		ID: dependency.ID(ftypes.NodeJsExecutable, mod, vers),
+	var libs []ftypes.Package
+	libs = append(libs, ftypes.Package{
+		ID:      dependency.ID(ftypes.NodeJsExecutable, mod, vers),
 		Name:    mod,
 		Version: vers,
 	})

pkg/dependency/parser/executable/nodejs/parse_test.go

@@ -7,23 +7,23 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func TestParse(t *testing.T) {
 	tests := []struct {
 		name      string
 		inputFile string
-		want      []types.Library
+		want      []types.Package
 		wantDep   []types.Dependency
 		wantErr   string
 	}{
 		{
 			name:      "ELF12",
 			inputFile: "testdata/node.12.elf",
-			want: []types.Library{
+			want: []types.Package{
 				{
-					ID: 	 "node@12.16.3",
+					ID:      "node@12.16.3",
 					Name:    "node",
 					Version: "12.16.3",
 				},

pkg/dependency/parser/executable/php/parse.go

@@ -5,10 +5,10 @@ package phpparser
 import (
 	"bytes"
 	"regexp"
+
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency"
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
 	exe "github.com/aquasecurity/trivy/pkg/dependency/parser/executable"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	xio "github.com/aquasecurity/trivy/pkg/x/io"
@@ -21,12 +21,12 @@ var (
 
 type Parser struct{}
 
-func NewParser() types.Parser {
+func NewParser() *Parser {
 	return &Parser{}
 }
 
 // Parse scans file to try to report the Python version.
-func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
 	x, err := exe.OpenExe(r)
 	if err != nil {
 		return nil, nil, ErrUnrecognizedExe
@@ -37,9 +37,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		return nil, nil, nil
 	}
 
-	var libs []types.Library
-	libs = append(libs, types.Library{
-		ID: dependency.ID(ftypes.PhpExecutable, name, vers),
+	var libs []ftypes.Package
+	libs = append(libs, ftypes.Package{
+		ID:      dependency.ID(ftypes.PhpExecutable, name, vers),
 		Name:    name,
 		Version: vers,
 	})

pkg/dependency/parser/executable/php/parse_test.go

@@ -7,22 +7,22 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func TestParse(t *testing.T) {
 	tests := []struct {
 		name      string
 		inputFile string
-		want      []types.Library
+		want      []types.Package
 		wantErr   string
 	}{
 		{
 			name:      "ELF",
 			inputFile: "testdata/php.elf",
-			want: []types.Library{
+			want: []types.Package{
 				{
-					ID: 	 "php@8.0.7",
+					ID:      "php@8.0.7",
 					Name:    "php",
 					Version: "8.0.7",
 				},

pkg/dependency/parser/executable/python/parse_test.go

@@ -7,23 +7,23 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func TestParse(t *testing.T) {
 	tests := []struct {
 		name      string
 		inputFile string
-		want      []types.Library
+		want      []types.Package
 		wantDep   []types.Dependency
 		wantErr   string
 	}{
 		{
 			name:      "ELF2.7",
 			inputFile: "testdata/python2.7.elf",
-			want: []types.Library{
+			want: []types.Package{
 				{
-					ID: 	 "python@2.7.18",
+					ID:      "python@2.7.18",
 					Name:    "python",
 					Version: "2.7.18",
 				},
@@ -32,9 +32,9 @@ func TestParse(t *testing.T) {
 		{
 			name:      "ELF3.9",
 			inputFile: "testdata/python3.9.elf",
-			want: []types.Library{
+			want: []types.Package{
 				{
-					ID: 	 "python@3.9.19",
+					ID:      "python@3.9.19",
 					Name:    "python",
 					Version: "3.9.19",
 				},
@@ -43,9 +43,9 @@ func TestParse(t *testing.T) {
 		{
 			name:      "ELF3.10",
 			inputFile: "testdata/python3.10.elf",
-			want: []types.Library{
+			want: []types.Package{
 				{
-					ID: 	 "python@3.10.12",
+					ID:      "python@3.10.12",
 					Name:    "python",
 					Version: "3.10.12",
 				},

pkg/dependency/parser/executable/python/parser.go

@@ -5,10 +5,10 @@ package pythonparser
 import (
 	"bytes"
 	"regexp"
+
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency"
-	"github.com/aquasecurity/trivy/pkg/dependency/types"
 	exe "github.com/aquasecurity/trivy/pkg/dependency/parser/executable"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	xio "github.com/aquasecurity/trivy/pkg/x/io"
@@ -21,12 +21,12 @@ var (
 
 type Parser struct{}
 
-func NewParser() types.Parser {
+func NewParser() *Parser {
 	return &Parser{}
 }
 
 // Parse scans file to try to report the Python version.
-func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
 	x, err := exe.OpenExe(r)
 	if err != nil {
 		return nil, nil, ErrUnrecognizedExe
@@ -37,9 +37,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		return nil, nil, nil
 	}
 
-	var libs []types.Library
-	libs = append(libs, types.Library{
-		ID: dependency.ID(ftypes.PythonExecutable, name, vers),
+	var libs []ftypes.Package
+	libs = append(libs, ftypes.Package{
+		ID:      dependency.ID(ftypes.PythonExecutable, name, vers),
 		Name:    name,
 		Version: vers,
 	})

pkg/fanal/analyzer/executable/executable.go

@@ -8,8 +8,8 @@ import (
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/executable/nodejs"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/executable/python"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/executable/php"
+	"github.com/aquasecurity/trivy/pkg/dependency/parser/executable/python"
 	"github.com/aquasecurity/trivy/pkg/digest"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
@@ -29,19 +29,19 @@ type executableAnalyzer struct{}
 
 // Returns boolean argument in first argument, indicating whether the Executable version is detectable
 func isDetectableLibraryExecutable(fileInfo os.FileInfo) (bool, types.TargetType, error) {
-	isPythonExecutable := isDetectablePythonExecutable(fileInfo);
+	isPythonExecutable := isDetectablePythonExecutable(fileInfo)
 	if isPythonExecutable {
 		return true, types.PythonExecutable, nil
 	}
-	isNodeJsExecutable := isDetectableNodeJsExecutable(fileInfo);
+	isNodeJsExecutable := isDetectableNodeJsExecutable(fileInfo)
 	if isNodeJsExecutable {
 		return true, types.NodeJsExecutable, nil
 	}
-	isPhpExecutable := isDetectablePhpExecutable(fileInfo);
+	isPhpExecutable := isDetectablePhpExecutable(fileInfo)
 	if isPhpExecutable {
 		return true, types.PhpExecutable, nil
 	}
-	return false, types.TargetType("") , nil
+	return false, types.TargetType(""), nil
 }
 
 func isDetectablePythonExecutable(fileInfo os.FileInfo) bool {
@@ -85,24 +85,24 @@ func (a executableAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisIn
 	isDetectableLib, binaryType, err := isDetectableLibraryExecutable(input.Info)
 	if isDetectableLib && binaryType != "" && err != nil {
 		switch binaryType {
-			case types.PythonExecutable:
-				res, err := language.Analyze(types.PythonExecutable, input.FilePath, input.Content, pythonparser.NewParser())
-				if err != nil {
-					return nil, nil
-				}
-				return res, nil
-			case types.NodeJsExecutable:
-				res, err := language.Analyze(types.NodeJsExecutable, input.FilePath, input.Content, nodejsparser.NewParser())
-				if err != nil {
-					return nil, nil
-				}
-				return res, nil
-			case types.PhpExecutable:
-				res, err := language.Analyze(types.PhpExecutable, input.FilePath, input.Content, phpparser.NewParser())
-				if err != nil {
-					return nil, nil
-				}
-				return res, nil
+		case types.PythonExecutable:
+			res, err := language.Analyze(types.PythonExecutable, input.FilePath, input.Content, pythonparser.NewParser())
+			if err != nil {
+				return nil, nil
+			}
+			return res, nil
+		case types.NodeJsExecutable:
+			res, err := language.Analyze(types.NodeJsExecutable, input.FilePath, input.Content, nodejsparser.NewParser())
+			if err != nil {
+				return nil, nil
+			}
+			return res, nil
+		case types.PhpExecutable:
+			res, err := language.Analyze(types.PhpExecutable, input.FilePath, input.Content, phpparser.NewParser())
+			if err != nil {
+				return nil, nil
+			}
+			return res, nil
 		}
 	}