Bump github.com/anchore/syft from 0.32.0 to 0.35.0 in /create-stack

[dependabot[bot]]

Bumps github.com/anchore/syft from 0.32.0 to 0.35.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.35.0

Changelog

v0.35.0 (2022-01-07)

Full Changelog

Added Features

• support .par for java ecosystems [[PR #727](anchore/syft#727 [westonsteimel]
• Add support for searching for jars within archives [[PR #734](anchore/syft#734 [wagoodman]
• Add lpkg as java package format [[Issue #682](anchore/syft#682
• Add alias for --version flag [[Issue #700](anchore/syft#700
• Support generating multiple BOM files in different formats within a run [[Issue #325](anchore/syft#325

Bug Fixes

• Failed to parse CPE - unbind formatted string [[Issue #426](anchore/syft#426
• Unable to catalog .jar files on Windows [[Issue #683](anchore/syft#683
• Generating invalid CPEs for debs and rpms with epochs [[Issue #712](anchore/syft#712

Docker images

• docker pull anchore/syft:v0.35.0

v0.34.0

Changelog

v0.34.0 (2021-12-22)

Full Changelog

Added Features

• Exclude path option [[Issue #221](anchore/syft#221
• Syft verbose log version [[Issue #664](anchore/syft#664
• pip should support vcs url [[Issue #679](anchore/syft#679

Bug Fixes

• Misleading error message when oci-archive scheme used on non-OCI archives [[Issue #701](anchore/syft#701

v0.33.0

Changelog

... (truncated)

Commits

• 5e5312c Add support for multiple output files in different formats (#732)
• 38c4b17 Add support for searching for jars within archives (#734)
• 01dc78c 683 windows filepath (#735)
• 2a7325a Fix CPE encode/decode when it contains special chars (#714)
• d9aa54c support .par for java ecosystems (#727)
• 697bad0 Add arm64 support to install script (#729)
• a18fbac Revert "bump goreleaser to v1.2 (#720)" (#731)
• 7168dc7 Add a version flag (#722)
• 211b188 Add lpkg as java package format (#694)
• 7f8cb0b remove unstable CLI test (bad binaries) (#721)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

A newer version of github.com/anchore/syft exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.