Merge pull request #33 from castai/remove-go-exp-dependency

Replace usage of exp modules with stdlib

apk/apk.go

@@ -15,7 +15,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/log"
 	apkVersion "github.com/knqyf263/go-apk-version"
 	"github.com/samber/lo"
-	"golang.org/x/exp/slices"
+	"slices"
 
 	"github.com/castai/image-analyzer/pathutil"
 )

artifact.go

@@ -26,7 +26,7 @@ import (
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/samber/lo"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/exp/slices"
+	"slices"
 	"golang.org/x/sync/semaphore"
 
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"

dpkg/copyright.go

@@ -3,19 +3,20 @@ package dpkg
 import (
 	"bufio"
 	"context"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 
+	"slices"
+
 	dio "github.com/aquasecurity/go-dep-parser/pkg/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/licensing"
 	"github.com/samber/lo"
-	"golang.org/x/exp/slices"
-	"golang.org/x/xerrors"
 )
 
 // https://github.com/aquasecurity/trivy/blob/v0.50.1/pkg/fanal/analyzer/all/import.go
@@ -45,12 +46,12 @@ func (a *dpkgLicenseAnalyzer) Analyze(_ context.Context, input analyzer.Analysis
 	if len(findings) == 0 && a.licenseFull {
 		// Rewind the reader to the beginning of the stream after saving
 		if _, err := input.Content.Seek(0, io.SeekStart); err != nil {
-			return nil, xerrors.Errorf("seek error: %w", err)
+			return nil, fmt.Errorf("seek error: %w", err)
 		}
 
 		licenseFile, err := licensing.Classify(input.FilePath, input.Content, a.classifierConfidenceLevel)
 		if err != nil {
-			return nil, xerrors.Errorf("license classification error: %w", err)
+			return nil, fmt.Errorf("license classification error: %w", err)
 		}
 		findings = licenseFile.Findings
 	}

dpkg/dpkg.go

@@ -16,7 +16,6 @@ import (
 	"github.com/castai/image-analyzer/pathutil"
 	debVersion "github.com/knqyf263/go-deb-version"
 	"github.com/samber/lo"
-	"golang.org/x/xerrors"
 )
 
 func init() {
@@ -98,7 +97,7 @@ func (a dpkgAnalyzer) parseDpkgInfoList(scanner *bufio.Scanner) ([]string, error
 	installedFiles = append(installedFiles, previous)
 
 	if err := scanner.Err(); err != nil {
-		return nil, xerrors.Errorf("scan error: %w", err)
+		return nil, fmt.Errorf("scan error: %w", err)
 	}
 
 	return installedFiles, nil
@@ -124,7 +123,7 @@ func (a dpkgAnalyzer) parseDpkgStatus(ctx context.Context, filePath string, scan
 	}
 
 	if err := scanner.Err(); err != nil {
-		return nil, xerrors.Errorf("scan error: %w", err)
+		return nil, fmt.Errorf("scan error: %w", err)
 	}
 
 	a.consolidateDependencies(pkgs, pkgIDs)

go.mod

@@ -19,9 +19,7 @@ require (
 	github.com/samber/lo v1.39.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 	golang.org/x/sync v0.6.0
-	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 )
 
 require (
@@ -258,6 +256,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
 	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/oauth2 v0.18.0 // indirect
@@ -266,6 +265,7 @@ require (
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.19.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/api v0.172.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect

image/daemon/containerd.go

@@ -29,7 +29,6 @@ import (
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/samber/lo"
-	"golang.org/x/xerrors"
 )
 
 const (
@@ -40,7 +39,7 @@ const (
 func imageWriter(client *containerd.Client, img containerd.Image) imageSave {
 	return func(ctx context.Context, ref []string) (io.ReadCloser, error) {
 		if len(ref) < 1 {
-			return nil, xerrors.New("no image reference")
+			return nil, errors.New("no image reference")
 		}
 		imgOpts := archive.WithImage(client.ImageService(), ref[0])
 		manifestOpts := archive.WithManifest(img.Target())

rpm/rpm.go

@@ -2,6 +2,7 @@ package rpm
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -12,12 +13,12 @@ import (
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/log"
 
+	"slices"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/utils"
 	rpmdb "github.com/knqyf263/go-rpmdb/pkg"
 	"github.com/samber/lo"
-	"golang.org/x/exp/slices"
-	"golang.org/x/xerrors"
 
 	"github.com/castai/image-analyzer/pathutil"
 )
@@ -45,7 +46,7 @@ var (
 		"var/lib/rpm/rpmdb.sqlite",
 	}
 
-	errUnexpectedNameFormat = xerrors.New("unexpected name format")
+	errUnexpectedNameFormat = errors.New("unexpected name format")
 )
 
 var osVendors = []string{
@@ -68,7 +69,7 @@ type rpmPkgAnalyzer struct{}
 func (a rpmPkgAnalyzer) Analyze(ctx context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
 	parsedPkgs, installedFiles, err := a.parsePkgInfo(ctx, input.Content)
 	if err != nil {
-		return nil, xerrors.Errorf("failed to parse rpmdb: %w", err)
+		return nil, fmt.Errorf("failed to parse rpmdb: %w", err)
 	}
 
 	binaryMap := map[string][]string{}
@@ -105,15 +106,15 @@ func (a rpmPkgAnalyzer) Analyze(ctx context.Context, input analyzer.AnalysisInpu
 func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types.Package, map[string][]string, error) {
 	filePath, err := writeToTempFile(rc)
 	if err != nil {
-		return nil, nil, xerrors.Errorf("temp file error: %w", err)
+		return nil, nil, fmt.Errorf("temp file error: %w", err)
 	}
 	defer os.RemoveAll(filepath.Dir(filePath)) // Remove the temp dir
 
 	// rpm-python 4.11.3 rpm-4.11.3-35.el7.src.rpm
 	// Extract binary package names because RHSA refers to binary package names.
 	db, err := rpmdb.Open(filePath)
 	if err != nil {
-		return nil, nil, xerrors.Errorf("failed to open RPM DB: %w", err)
+		return nil, nil, fmt.Errorf("failed to open RPM DB: %w", err)
 	}
 	defer db.Close()
 
@@ -122,7 +123,7 @@ func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types
 	//   old version: rpm -qa --qf "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{SOURCERPM} %{ARCH}\n"
 	pkgList, err := db.ListPackages()
 	if err != nil {
-		return nil, nil, xerrors.Errorf("failed to list packages: %w", err)
+		return nil, nil, fmt.Errorf("failed to list packages: %w", err)
 	}
 
 	var pkgs []types.Package
@@ -150,7 +151,7 @@ func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types
 		if packageProvidedByVendor(pkg.Vendor) {
 			files, err = pkg.InstalledFileNames()
 			if err != nil {
-				return nil, nil, xerrors.Errorf("unable to get installed files: %w", err)
+				return nil, nil, fmt.Errorf("unable to get installed files: %w", err)
 			}
 		}
 
@@ -243,22 +244,22 @@ func packageProvidedByVendor(pkgVendor string) bool {
 func writeToTempFile(rc io.Reader) (string, error) {
 	tmpDir, err := os.MkdirTemp("", "rpm")
 	if err != nil {
-		return "", xerrors.Errorf("failed to create a temp dir: %w", err)
+		return "", fmt.Errorf("failed to create a temp dir: %w", err)
 	}
 
 	filePath := filepath.Join(tmpDir, "Packages")
 	f, err := os.Create(filePath)
 	if err != nil {
-		return "", xerrors.Errorf("failed to create a package file: %w", err)
+		return "", fmt.Errorf("failed to create a package file: %w", err)
 	}
 
 	if _, err = io.Copy(f, rc); err != nil {
-		return "", xerrors.Errorf("failed to copy a package file: %w", err)
+		return "", fmt.Errorf("failed to copy a package file: %w", err)
 	}
 
 	// The temp file must be closed before being opened as Berkeley DB.
 	if err = f.Close(); err != nil {
-		return "", xerrors.Errorf("failed to close a temp file: %w", err)
+		return "", fmt.Errorf("failed to close a temp file: %w", err)
 	}
 
 	return filePath, nil

rpm/rpmqa.go

@@ -3,14 +3,15 @@ package rpm
 import (
 	"bufio"
 	"context"
+	"fmt"
 	"os"
 	"strings"
 
+	"slices"
+
 	"github.com/aquasecurity/go-dep-parser/pkg/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
-	"golang.org/x/exp/slices"
-	"golang.org/x/xerrors"
 )
 
 // https://github.com/aquasecurity/trivy/blob/v0.50.1/pkg/fanal/analyzer/all/import.go
@@ -33,7 +34,7 @@ type rpmqaPkgAnalyzer struct{}
 func (a rpmqaPkgAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
 	pkgs, err := a.parseRpmqaManifest(input.Content)
 	if err != nil {
-		return nil, xerrors.Errorf("failed to parse rpmqa manifest: %w", err)
+		return nil, fmt.Errorf("failed to parse rpmqa manifest: %w", err)
 	}
 	return &analyzer.AnalysisResult{
 		PackageInfos: []types.PackageInfo{
@@ -54,7 +55,7 @@ func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package
 		// %{NAME}\t%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\t%{BUILDTIME}\t%{VENDOR}\t(none)\t%{SIZE}\t%{ARCH}\t%{EPOCHNUM}\t%{SOURCERPM}
 		s := strings.Split(line, "\t")
 		if len(s) != 10 {
-			return nil, xerrors.Errorf("failed to parse a line (%s)", line)
+			return nil, fmt.Errorf("failed to parse a line (%s)", line)
 		}
 		name = s[0]
 		arch = s[7]
@@ -63,11 +64,11 @@ func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package
 			ver = verRel[0]
 			rel = verRel[1]
 		} else {
-			return nil, xerrors.Errorf("failed to split a version (%s)", s[1])
+			return nil, fmt.Errorf("failed to split a version (%s)", s[1])
 		}
 		srcName, srcVer, srcRel, err := splitFileName(sourceRpm)
 		if err != nil {
-			return nil, xerrors.Errorf("failed to split source rpm: %w", err)
+			return nil, fmt.Errorf("failed to split source rpm: %w", err)
 		}
 		pkg := types.Package{
 			Name:       name,