Update go modules and stabilize SBOM test assertions (#695)

* chore: update go-mod

* fix: using regex to match uuids and versions

* fix: pin go-containerregistry

Author: ddusht

build_test.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"regexp"
 	"testing"
 
 	"github.com/paketo-buildpacks/packit/v2"
@@ -173,34 +174,42 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 		Expect(spdx.Extension).To(Equal("spdx.json"))
 		content, err = io.ReadAll(spdx.Content)
 		Expect(err).NotTo(HaveOccurred())
-		Expect(string(content)).To(MatchJSON(`{
+
+		versionPattern := regexp.MustCompile(`"licenseListVersion": "\d+\.\d+"`)
+		contentReplaced := versionPattern.ReplaceAllString(string(content), `"licenseListVersion": "x.x"`)
+
+		uuidRegex := regexp.MustCompile(`[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}`)
+
+		contentReplaced = uuidRegex.ReplaceAllString(contentReplaced, "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
+
+		Expect(string(contentReplaced)).To(MatchJSON(`{
 			"SPDXID": "SPDXRef-DOCUMENT",
 			"creationInfo": {
 				"created": "0001-01-01T00:00:00Z",
 				"creators": [
 					"Organization: Anchore, Inc",
 					"Tool: -"
 				],
-				"licenseListVersion": "3.27"
+				"licenseListVersion": "x.x"
 			},
-            "packages": [
-                {
-                  "SPDXID": "SPDXRef-DocumentRoot-Unknown-",
-                  "copyrightText": "NOASSERTION",
-                  "downloadLocation": "NOASSERTION",
-                  "filesAnalyzed": false,
-                  "licenseConcluded": "NOASSERTION",
-                  "licenseDeclared": "NOASSERTION",
-                  "name": "",
-                  "supplier": "NOASSERTION"
-                }
-              ],
 			"dataLicense": "CC0-1.0",
-            "documentNamespace": "https://paketo.io/unknown-source-type/unknown-33ef57ff-45c2-53a8-8899-1c2b7e94d0dd",
+			"documentNamespace": "https://paketo.io/unknown-source-type/unknown-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
 			"name": "unknown",
+			"packages": [
+				{
+				"SPDXID": "SPDXRef-DocumentRoot-Unknown-",
+				"copyrightText": "NOASSERTION",
+				"downloadLocation": "NOASSERTION",
+				"filesAnalyzed": false,
+				"licenseConcluded": "NOASSERTION",
+				"licenseDeclared": "NOASSERTION",
+				"name": "",
+				"supplier": "NOASSERTION"
+				}
+			],
 			"relationships": [
 				{
-				    "relatedSpdxElement": "SPDXRef-DocumentRoot-Unknown-",
+					"relatedSpdxElement": "SPDXRef-DocumentRoot-Unknown-",
 					"relationshipType": "DESCRIBES",
 					"spdxElementId": "SPDXRef-DOCUMENT"
 				}