Bump github.com/anchore/syft from 0.80.0 to 1.16.0

[dependabot]

Bumps github.com/anchore/syft from 0.80.0 to 1.16.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.16.0

Added Features

• omit devDependencies for package-lock.json files by default [#2348 #3371 @​njv299]

Bug Fixes

• add support for dependencies and purl for Native Image SBOMs [#3399 @​rudsberg]
• stop bubbling fileResolver errors from binary cataloger [#3410 @​spiffcs]
• malformed pom.xml may cause recursive loop [#3391 @​kzantow]
• syft convert: broken link in help - documentation no longer existing [#3143 #3407 @​Makefolder]

(Full Changelog)

v1.15.0

Added Features

• Merge config files hierarchically and add support for config profiles [#3337 @​kzantow]
• Enable cargo-auditable-binary-cataloger for files/directories [#3376 @​ariel-miculas]
• Improve mariadb binary classifer to detect older versions [#3052]
• Look for dpkg status file at additional globs [#2692 #3373 @​njv299]
• Emit relationships for Java dependencies [#3189 #3363 @​kzantow]

(Full Changelog)

v1.14.2

Bug Fixes

• Use single license scanner for all catalogers [#3348 @​wagoodman]
• use official CPE for linux kernel [#3343 @​westonsteimel]
• improve mariadb binary classifer to detect older versions [#3339 @​westonsteimel]

Additional Changes

• Update to latest packageurl-go [#3347 @​wagoodman]

(Full Changelog)

v1.14.1

Bug Fixes

• stop some log.Warn spam due parsing an empty string as a CPE [#3330 @​willmurphyscode]
• improve go binary semver extraction for traefik [#3325 @​westonsteimel]

(Full Changelog)

v1.14.0

Added Features

... (truncated)

Commits

• 8a41d77 chore: prevent file resolver from bubbling errors in binary cataloger (#3410)
• eb56f2e chore(deps): update stereoscope to cbd43fb4e5d348fe680066ee6329385fd6a4f827 (...
• 849e325 chore(deps): update CPE dictionary index (#3414)
• 203df65 chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3 (#3408)
• 2c70090 chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 (#3409)
• 8f179e6 chore(deps): update stereoscope to 2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 (...
• 6a1e3f3 Issue #3143 – fixed format conversion docs link (#3407)
• fcf1350 feat: support dependencies and purl for Native Image SBOMs (#3399)
• 9302e20 chore(deps): update stereoscope to 9c92fe30492ffeba14ed2e23ad1fd923341dda4f (...
• a55b71d feat: exclude devDependencies from package-lock.json parsing (#3371)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #616.