Bump github.com/anchore/syft from 0.80.0 to 1.4.1

[dependabot[bot]]

Bumps github.com/anchore/syft from 0.80.0 to 1.4.1.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.4.1

Bug Fixes

• Fix redundant package deletions when considering ELF packages [#2862 @​wagoodman]

(Full Changelog)

v1.4.0

Added Features

• Add detection for newer version of ErLang/OTP [#2829 @​LaurentGoderre]
• Add missing CPE for traefik, memcached, and postgres binaries [#2845 @​LaurentGoderre]
• Add binary classifier for ArangoDB [#2830 @​LaurentGoderre]
• Add relationships to ELF packages [#2715 @​brian-ebarb]
• Add relationships for ALPM packages (arch linux) [#2851 @​wagoodman]

Bug Fixes

• close temp rpmdb file [#2792 @​testwill]
• fix Windows file paths in local go mod cache [#2654 @​willmurphyscode]
• Package Count doesn't match list of packages [#2304 #2839 @​wagoodman]
• New version 1.3.0 leads to "too many open files" while scanning bigger images [#2819 #2823 @​willmurphyscode]
• license_info_in_file is mandatory in SPDX-2.2 [#2163 #2168 @​kzantow]
• Wrong CPE for dnsmasq [#2636 #2659 @​kzantow]
• SPDX originator is not always populated [#2632 #2822 @​wagoodman]

Additional Changes

• Improve linting for defer Close type issues [#2826]
• use ruleguard to test for missing defer statements [#2837 @​willmurphyscode]
• Publish security policy [#2835 @​wagoodman]
• fix function name in comment [#2771 @​camcui]
• enable go-critic deferInLoop lint [#2825 @​willmurphyscode]

(Full Changelog)

v1.3.0

Added Features

• index known CPEs for go modules [#2816 @​westonsteimel]
• support multiple known CPEs in index [#2813 @​westonsteimel]
• index known CPEs for PHP Composer packagist.org packages [#2804 @​westonsteimel]
• index known cpes for PHP extensions [#2777 @​westonsteimel]

Bug Fixes

• re-use embedded union reader if possible [#2814 @​willmurphyscode]
• prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [#2806 @​westonsteimel]
• improvements to known CPE index construction [#2801 @​westonsteimel]
• Syft panics when scanning OCI image that contains packaged helm chart [#2745 #2757 @​willmurphyscode]

... (truncated)

Commits

• c200896 fix pruning binary packages when considering ELF packages (#2862)
• 4194a2c feat: add relationships to ELF package discovery (#2715)
• 74b01a1 README.md: link to official wiki (#2858)
• b2ca5fb fix Windows file paths in local go mod cache (#2654)
• 1892f24 chore(deps): bump github.com/docker/docker (#2859)
• 88aaab2 chore(deps): bump github.com/charmbracelet/bubbletea (#2860)
• 5044f48 chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 (#2855)
• 6c2e8c8 chore(deps): bump github.com/sassoftware/go-rpmutils from 0.3.0 to 0.4.0 (#2856)
• ada8f00 Add relationships for ALPM packages (arch linux) (#2851)
• e7b6284 Add binary classifier for ArangoDB (#2830)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #575.