Bump github.com/anchore/syft from 0.80.0 to 0.94.0

[dependabot]

Bumps github.com/anchore/syft from 0.80.0 to 0.94.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.94.0

Added Features

• Add additional license filenames [#2227 @​coheigea]
• Parse donet dependency trees [#2143 @​noqcks]
• Find license by embedded license text [#2147 #2213 @​coheigea]
• Add support for dpkg dependency relationships [#2040 #2212 @​wagoodman]

Bug Fixes

• Report errors to stderr not stdout [#2232 @​wagoodman]
• Python egg packages are not parsed for SBOM [#1761 #2239 @​spiffcs]
• Java archive is listed twice [#2130 #2220 @​wagoodman]
• Java archives not from Maven [#2217 #2220 @​wagoodman]
• Remove internal.StringSet [#2209 #2219 @​wagoodman]
• Invalid interface conversion in Swift cataloger [#2225 #2226 @​wagoodman]

(Full Changelog)

v0.93.0

Added Features

• Parse license from the pom.xml if not contained in the manifest [#2115 @​coheigea]
• Add Golang STD library package given a Golang binary has been discovered compiled with that go binary [#1853 #2195 @​spiffcs]
• Improve --output CLI help and deprecate --file [#2165 #2187 @​sharief007]

Bug Fixes

• Converting a SBOM looses the algorithm type for added checksums [#2183 #2207 @​sharief007]

Additional Changes

• Refine the docs for building a cataloger [#2175 @​wagoodman]
• update license list to 3.22 [#2201 @​spiffcs]
• Add exact syntax of the conversion formats [#2196 @​vargenau]

(Full Changelog)

v0.92.0

Added Features

• Support for multiple image refs of same sha in OCI layout [#1544]

Bug Fixes

• Generated purls are different between runs of syft against the same image and artifact [#2169 #2170 @​willmurphyscode]

Additional Changes

• bump stereoscope to fix data race in UI code [#2173 @​willmurphyscode]

... (truncated)

Commits

• 8f6bdde Label PRs when the json schema changes (#2240)
• ef43294 Add download location when cataloging directory npm package lock (#2238)
• e1ad340 fix: allow packages to be captured from DIST/EGG case (#2239)
• 07f1304 Account for maven bundle plugin and fix filename matching (#2220)
• 6c7900f chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
• 7018573 Remove internal string set (#2219)
• f3ad8cf bump clio to get stderr reporting fix (#2232)
• 31f1d7d Fix panic for empty input to Swift cataloger (#2226)
• 144ed72 Add additional license filenames (#2227)
• dcec2bc chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 (#2229)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #535.