chore(deps): bump github.com/anchore/syft from 0.103.1 to 0.104.0

[dependabot[bot]]

Bumps github.com/anchore/syft from 0.103.1 to 0.104.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.104.0

Added Features

• Adding metadata fields when parsing yarn.lock and poetry.lock [#2350 @​asi-cider]
• Add Erlang OTP Application cataloger [#2403 @​LaurentGoderre]
• Support Conan lockfiles v0.5 [#2050]
• Identify security-features-of-interest within binaries [#2434 #2443 @​wagoodman]
• Top-level API should be more composable [#558 #2517 @​wagoodman]
• Annotate where each CPE on a package is sourced from [#2282 #2552 @​willmurphyscode]

Bug Fixes

• unmarshal key values in Java, Go, and Conan metadata [#2603 @​willmurphyscode]
• incorrect conversion between integer types [#2605 @​spiffcs]
• prefer portable executable product version when semantically greater than file version [#2600 @​westonsteimel]
• Stop iterating maps in catalogers [#2405 #2553 @​wagoodman]
• unknown flag: --key when use syft attest --key [KEY] [#2544 #2551 @​willmurphyscode]
• purl generation broken for kafka jars [#2385 #2573 @​westonsteimel]

Breaking Changes

• Top-level API should be more composable [#558 #2517 @​wagoodman]
• Annotate where each CPE on a package is sourced from [#2282 #2552 @​willmurphyscode]

(Full Changelog)

Commits

• bd0cb91 fix: incorrect conversion between integer types (#2605)
• da31eed chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602)
• 704155e chore(deps): bump github.com/docker/docker (#2601)
• ce67927 Fix: unmarshal key values in Java, Go, and Conan metadata (#2603)
• bbd34f6 fix(dotnet): prefer portable executable product version when semantically gre...
• c61f59e Finalize Conan v2 support (#2587)
• 00d6269 chore(deps): update tools to latest versions (#2595)
• 0bc5971 chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#2597)
• 91d7a8a chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c (...
• 05fa8ba chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#2592)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)