Bump github.com/anchore/syft from 0.80.0 to 1.10.0

[dependabot]

Bumps github.com/anchore/syft from 0.80.0 to 1.10.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.10.0

Added Features

• Detect go main module from partial package builds [#3060 @​wagoodman]
• Support traefik in linux/arm/v6, linux/riscv64 [#3038 #3077 @​witchcraze]
• Catalog TiDB binary [#2763]
• Generate a Maven friendly CPE [#3042 #3045 @​kzantow]

Bug Fixes

• Only match ldflag version if it matches the main module or targets main.version [#3062 @​LaurentGoderre]
• python requirements.txt cataloger: allow dots in python package names [#3070 @​Mikcl]
• SPDX output performance with many relationships [#3053 @​kzantow]
• Order CPEs deterministically for SBOM reproducibility [#2967 #3085 @​kzantow]
• Python packages: name normalization [#3064 #3069 @​Mikcl]
• Syft report panics with the golang cataloger [#3037 #3043 @​willmurphyscode]

Additional Changes

• add debug logging for errors reading RPM files [#3051 @​kzantow]

(Full Changelog)

v1.9.0

Added Features

• Add detection of Erlang in Alpine linux [#2996 @​LaurentGoderre]
• Add version 3 support for swift package manager of the resolved files [#3001 @​4ell0]
• Map the downloadLocation field for PHP Composer packages [#3011 @​LaurentGoderre]

Bug Fixes

• Infer the package type from ELF package notes [#3008 @​wagoodman]
• Order CPEs deterministically for SBOM reproducibility [#2967 #3009 @​spiffcs]

(Full Changelog)

v1.8.0

Added Features

• Add CycloneDX 1.6 Support [#2974 #2978 @​ragaskar]

Bug Fixes

• Fixed the detection of arangodb 3.12 [#2979 @​LaurentGoderre]
• Syft tries to create the cache directory at a location that has no permission [#2984 #2985 @​kzantow]

(Full Changelog)

v1.7.0

... (truncated)

Commits

• a4b5dcd fix: improve determinism in java archive identification (#3085)
• 06526e2 chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e7907196bfa5 (...
• a2042e6 chore(deps): update CPE dictionary index (#3079)
• a35e410 chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6 (#3082)
• 8dd7c9c chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083)
• 490e05a fix: traefik classifier (#3077)
• 1cd75b7 python-cataloger: fix normalization test (#3073)
• 4882d2e Only match ldflag version if it matches the main module or targets main.versi...
• b3848f7 python cataloger: allow dots in python package names (#3070)
• 36f95d6 python-cataloger: normalize package names (#3069)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #593.