Bump github.com/anchore/syft from 0.80.0 to 0.99.0

[dependabot]

Bumps github.com/anchore/syft from 0.80.0 to 0.99.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.99.0

Added Features

• Look for a maven version in a pom from a parent dependency management… [#2423 @​coheigea]
• Adding the ability to retrieve remote licenses for yarn.lock [#2338 @​coheigea]
• Retrieve remote licenses using pom.properties when there is no pom.xml [#2315 @​coheigea]
• Add the option to retrieve remote licenses for projects defined in a … [#2409 @​coheigea]
• Parse Python licenses from LicenseFile entry in the Wheel Metadata [#2331 @​coheigea]
• Add binary classifier for the ERLang interpreter [#2417 @​LaurentGoderre]
• Parse Python licenses from LicenseExpression entry in the Wheel Metadata [#2431 @​coheigea]
• Add binary classifier for Julia lang [#2427 @​LaurentGoderre]
• Add binary detection for PHP composer [#2432 @​LaurentGoderre]

Bug Fixes

• bump fangs for ptr summarize fix [#2387 @​willmurphyscode]
• improve identification for org.codehaus.groovy artifacts [#2404 @​westonsteimel]
• improve identification for commons-jelly artifacts [#2399 @​westonsteimel]
• improve identification for io.minio artifacts [#2398 @​westonsteimel]
• improve identification for com.graphql-java artifacts [#2397 @​westonsteimel]
• improve identification for org.apache.tapestry artifacts [#2384 @​westonsteimel]
• improve identification for io.ratpack artifacts [#2379 @​westonsteimel]
• improve identification for org.apache.cassandra artifacts [#2386 @​westonsteimel]
• improve identification for org.neo4j.procedure artifacts [#2388 @​westonsteimel]
• improve identification for org.elasticsearch artifacts [#2383 @​westonsteimel]
• improve identification for org.apache.geode artifacts [#2382 @​westonsteimel]
• improve identification for org.apache.tomcat artifacts [#2381 @​westonsteimel]
• improve identification for io.projectreactor.netty artifacts [#2378 @​westonsteimel]
• stop panic when parsing Haskell stack.yaml.lock with missing hackage field [#2421 #2419 @​houdini91]
• fix detecting the name of the eclipse OSGi artifact [#2314 #2349 @​westonsteimel]
• File Sources incorrectly exclude files on Windows [#2410 #2411 @​Racer159]
• Parser for dotnet_portable_executable using wrong attribute name [#2029 #2133 @​kzantow]

Breaking Changes

• Generalize UI events for cataloging tasks [#2369 @​wagoodman]

Additional Changes

• refactor pkg.Collection to remove "catalog" references [#2439 @​wagoodman]
• Expose javascript fields in cataloger configuration [#2438 @​wagoodman]
• Use common archive catalog configuration [#2437 @​wagoodman]
• Fix file digest cataloger when passed explicit coordinates [#2436 @​wagoodman]

(Full Changelog)

v0.98.0

Added Features

• Add binary classifiers for MySQL and MariaDB [#2316 @​duanemay]

... (truncated)

Commits

• 3cffa0b chore: remove execute from test fixtures (#2450)
• da03e98 chore(deps): update tools to latest versions (#2447)
• 4aa2d8c fix: don't panic when hackage missing in haskell stack yaml lock (#2448)
• a635d66 Add binary classifier for the ERLang interpretter (#2417)
• 51d3cd0 Add binary classifier for Julia lang (#2427)
• 4846639 Add binary detection for PHP composer (#2432)
• 6030a69 chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2433)
• 8b9194e chore(deps): update CPE dictionary index (#2442)
• 56a1ab5 chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (...
• f4dd36c fix syft-json test to use pretty json for snapshot testing (#2441)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #543.