chore(deps): update module github.com/anchore/syft to v1.19.0

[renovate-rancher]

This PR contains the following updates:

Package	Type	Update	Change
github.com/anchore/syft	require	minor	v1.17.0 -> v1.19.0

---

Release Notes

anchore/syft (github.com/anchore/syft)

v1.19.0

Compare Source

Added Features

• add license parsing from vendor dirs [#​3522 @​dschmidt]
• Support cataloging NuGet packages [#​373 #​3484 @​Kemosabert]

Bug Fixes

• Syft generates invalid PURLs when name contains : [#​3577 #​3596 @​spiffcs @​jkugler]
• warn instead of error if zero package catalogers are select - user might still run file metadata cataloger, for example [#​3128 #​3468 @​tomersein]
• sbom report: missing licenses [#​3527 #​3549 @​kzantow]

Additional Changes

• bump stereoscope to v0.0.13 [#​3601 @​spiffcs]

(Full Changelog)

v1.18.1

Compare Source

Bug Fixes

• Runtime Error with Syft on Singularity .sif file (panic: index out of range) [#​3390]
• SPDX expressions are lost from CycloneDX if they contain extra parenthesis [#​3441 #​3517 @​willmurphyscode]

Additional Changes

• migrate syft to use anchore fork of archiver without replace [#​3516 @​spiffcs]

(Full Changelog)

v1.18.0

Compare Source

Added Features

• convert spdx absolute to relative [#​3509 @​spiffcs]
• Add relationships for rust audit binary packages [#​3500 @​wagoodman]
• support configuration of layer size in Syft [#​3428 #​3464 @​tomersein]
• Support Dart arm/v7 in 3.x and 2.x [#​3278 #​3475 @​witchcraze]

Bug Fixes

• fix order of rust dependencies and support git sources in Cargo.lock dependencies [#​3502 @​willmurphyscode]
• Use file indexer directly when scanning with file source [#​3333 @​adammcclenaghan]
• Remove incorrect power-user help text that only image sources are supported [#​2046]
• Invalid SPDX: missing copyright text [#​3346 #​3495 @​spiffcs]
• Scanning a source tree with duplicate conanfile.txt dependencies generates multiple components [#​3403]

(Full Changelog)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[renovate-rancher]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 21 additional dependencies were updated

Details:

Package	Change
github.com/google/go-containerregistry	v0.20.2 -> v0.20.3
github.com/CycloneDX/cyclonedx-go	v0.9.1 -> v0.9.2
github.com/ProtonMail/go-crypto	v1.1.2 -> v1.1.3
github.com/anchore/packageurl-go	v0.1.1-0.20241018175412-5c22e6360c4f -> v0.1.1-0.20250117185454-edf36a908b10
github.com/anchore/stereoscope	v0.0.9 -> v0.0.13
github.com/aquasecurity/go-pep440-version	v0.0.0-20210121094942-22b2f8951d46 -> v0.0.1
github.com/aquasecurity/go-version	v0.0.0-20240603093900-cf8a8d29271d -> v0.0.1
github.com/bmatcuk/doublestar/v4	v4.7.1 -> v4.8.0
github.com/cyphar/filepath-securejoin	v0.3.4 -> v0.3.6
github.com/gabriel-vasile/mimetype	v1.4.6 -> v1.4.8
github.com/go-git/go-billy/v5	v5.6.0 -> v5.6.2
github.com/go-git/go-git/v5	v5.12.0 -> v5.13.1
github.com/saferwall/pe	v1.5.5 -> v1.5.6
github.com/spf13/afero	v1.11.0 -> v1.12.0
github.com/sylabs/sif/v2	v2.20.0 -> v2.20.2
github.com/sylabs/squashfs	v1.0.0 -> v1.0.4
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.57.0 -> v0.58.0
go.opentelemetry.io/otel	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/metric	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/sdk	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/trace	v1.32.0 -> v1.33.0