chore(deps): Bump anchore/sbom-action from 0.15.8 to 0.16.1

[dependabot[bot]]

Bumps anchore/sbom-action from 0.15.8 to 0.16.1.

Release notes

Sourced from anchore/sbom-action's releases.

v0.16.1

Changes in v0.16.1

• fix: workaround windows install issue (#477) [willmurphyscode]
• fix: allow users to properly use the file input over the default path value (#471) [komish]
• chore(deps): update Syft to v1.5.0 (#470) [anchore-actions-token-generator]
• docs: notes for matrix and required permissions (#469) [kzantow]
• chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466) [dependabot]

v0.16

Changes in v0.16.0

• Update Syft to v1.4.1 (#465)
• Update GitHub artifact client (#463) [kzantow]

NOTE: if you are using this action within a matrix build and see failures attempting to upload artifacts with duplicate names, you will need to set the artifact-name to be unique based on the matrix properties (an example here). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names.

v0.15.11

Changes in v0.15.11

• chore(deps): update Syft to v1.3.0 (#456) [anchore-actions-token-generator]
• chore: remove outdated snapshot workflow (#457) [spiffcs]
• fix: don't pass in a separate env. This makes it impossible to pass env vars via the action context to syft. (#455) [iNoahNothing]

v0.15.10

Changes in v0.15.10

• Update Syft to v1.1.0 (#454)
• Bump Node to v20 on download-syft/publish-sbom actions (#448) [ViacheslavKudinov]

v0.15.9

Changes in v0.15.9

• reduce syft debug level (#446) [kzantow]
• update Syft to v0.105.0 (#442) [anchore-actions-token-generator]

Commits

• 95b086a fix: workaround windows install script (#477)
• 72370e1 fix: allow users to properly use the file input over the default path value (...
• e28bab5 chore(deps): update Syft to v1.5.0 (#470)
• 2283abe docs: notes for matrix and required permissions (#469)
• 07e5b3a chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466)
• e8d2a69 chore(deps): update Syft to v1.4.1 (#465)
• 610bea4 chore: update GitHub artifact client (#463)
• 0445e23 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#464)
• a66e2f3 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#461)
• 1abd786 chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 (#462)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #169.