chore(deps): bump github.com/anchore/syft from 1.2.0 to 1.3.0

[dependabot[bot]]

Bumps github.com/anchore/syft from 1.2.0 to 1.3.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.3.0

Added Features

• index known CPEs for go modules [#2816 @​westonsteimel]
• support multiple known CPEs in index [#2813 @​westonsteimel]
• index known CPEs for PHP Composer packagist.org packages [#2804 @​westonsteimel]
• index known cpes for PHP extensions [#2777 @​westonsteimel]

Bug Fixes

• re-use embedded union reader if possible [#2814 @​willmurphyscode]
• prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [#2806 @​westonsteimel]
• improvements to known CPE index construction [#2801 @​westonsteimel]
• Syft panics when scanning OCI image that contains packaged helm chart [#2745 #2757 @​willmurphyscode]
• Pom parser not resolving all dependency versions [#2776 #2781 @​willmurphyscode]
• exclude known instrumentation jars from being erroneously identified [#2796 @​kzantow]
• return empty string if dereferncing pom var fails [#2797 @​willmurphyscode]

(Full Changelog)

Commits

• 87cd6c8 update spdx license list to 3.23 (#2818)
• d3310a1 fix: re-use embedded union reader if possible (#2814)
• 8640f97 feat: index known CPEs for go modules (#2816)
• 13b06da chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#2812)
• 9604e3d feat: support multiple known CPEs in index (#2813)
• f2fc10a chore(deps): update stereoscope to 8b297badafd5d81fa1187b26ae34dd2a7ce7e425 (...
• 21b2255 chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2809)
• 5326efc chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#2810)
• b90e7f9 Fix removing labels in 'Detect schema changes' job (#2772)
• fbdd4ee chore(deps): bump github.com/docker/docker (#2805)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)