Bump github.com/anchore/grype from 0.61.2-0.20230517123503-d34b28193e61 to 0.62.0

[dependabot]

Bumps github.com/anchore/grype from 0.61.2-0.20230517123503-d34b28193e61 to 0.62.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.62.0

Changelog

v0.62.0 (2023-05-22)

Full Changelog

Added Features

• Add package qualifier for platform CPE [[PR #1291](https://redirect.github.com/feat: package qualifier for platform CPE grype#1291)] [westonsteimel]
• Include timestamp and image name in reports [[Issue #1170](https://redirect.github.com/Grype|Include Timestamp and Image Name to Reports grype#1170)] [[PR #1249](https://redirect.github.com/feat: add timestamp to json output (#1170) grype#1249)] [jneate]
• Document command line flag for config file location [[Issue #1271](https://redirect.github.com/Document command line flag for config file location grype#1271)] [[PR #1274](https://redirect.github.com/docs: add config flag to configuration section (#1271) grype#1274)] [jneate]
• Add support for Syft IDs in JSON output [[PR #1266](https://redirect.github.com/Add support for Syft IDs in JSON output grype#1266)] [luhring]

Bug Fixes

• False positive with pkg:rpm PURLs [[Issue #1031](https://redirect.github.com/False positive with pkg:rpm PURLs grype#1031)] [[PR #1237](https://redirect.github.com/Fix false positive for purl provider grype#1237)] [Shanedell]
• Specifying "extras" in pip / requirements.txt results in false negative [[Issue #1246](https://redirect.github.com/Specifying "extras" in pip / requirements.txt results in false negative grype#1246)]
• CycloneDX dependencies relationships inverted [[Issue #1294](https://redirect.github.com/CycloneDX dependencies relationships inverted grype#1294)]

Additional Changes

• docs: add "cyclonedx-json" to output formats [[PR #1252](https://redirect.github.com/docs: add "cyclonedx-json" to output formats grype#1252)] [HNKNTA]
• chore: update quality gate labels and add keycloak [[PR #1255](https://redirect.github.com/chore: update quality gate labels and add keycloak grype#1255)] [westonsteimel]
• Install skopeo during bootstrap [[PR #1260](https://redirect.github.com/Install skopeo during bootstrap grype#1260)] [willmurphyscode]
• Replace deprecated io/ioutil calls [[PR #1296](https://redirect.github.com/io/ioutil is deprecated grype#1296)] [testwill]
• Fix reading syft json from stdin by redirect [[PR #1299](https://redirect.github.com/Fix reading syft json from stdin by redirect grype#1299)] [devfbe]
• Add gitignore for default build target [[PR #1305](https://redirect.github.com/add gitignore for default build target grype#1305)] [testwill]

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)