Bump github.com/anchore/syft from 0.76.1 to 0.84.0

[dependabot]

Bumps github.com/anchore/syft from 0.76.1 to 0.84.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.84.0

Changelog

v0.84.0 (2023-06-20)

Full Changelog

Breaking Changes

• Pad artifact IDs [[PR #1882](https://redirect.github.com/Pad artifact IDs anchore/syft#1882)] [willmurphyscode]

Additional Changes

• chore: update SPDX license list to 3.21 [[PR #1885](https://redirect.github.com/chore: update SPDX license list to 3.21 anchore/syft#1885)] [kzantow]

v0.83.1

Changelog

v0.83.1 (2023-06-14)

Full Changelog

Bug Fixes

• fix: pom properties not setting artifact id [[PR #1870](https://redirect.github.com/fix: pom properties not setting artifact id anchore/syft#1870)] [jneate]
• fix(deps): pull in platform selection fix from stereoscope [[PR #1871](https://redirect.github.com/fix(deps): pull in platform selection fix from stereoscope anchore/syft#1871)] [anchore-actions-token-generator] - pulling in an image with a digest that does not match the platform and architecture of the host no longer fails with an error, see anchore/stereoscope#188
• symlinks within a scanned directory tree are parsed outside the tree, failing if target does not exist [[Issue #1860](https://redirect.github.com/symlinks within a scanned directory tree are parsed outside the tree, failing if target does not exist anchore/syft#1860)] [[PR #1861](https://redirect.github.com/in directory indexer, handle outside symlinks anchore/syft#1861)] [deitch]

v0.83.0

Changelog

v0.83.0 (2023-06-05)

Full Changelog

Added Features

• Add new '--source-version' and '--source-name' options to set the name and version of the target being analyzed for reference in resulting syft-json format SBOMs (more formats will support these flags soon). [[Issue #1399](https://redirect.github.com/Add '--version' param for Syft (for when project version is unclear) anchore/syft#1399)] [[PR #1859](https://redirect.github.com/feat: source-version flag anchore/syft#1859)] [kzantow]
• Add scope to POM properties [[PR #1779](https://redirect.github.com/feat: add scope to pom properties anchore/syft#1779)] [jneate]
• Accept main.version ldflags even without vcs [[PR #1855](https://redirect.github.com/accept main.version ldflags even without vcs anchore/syft#1855)] [deitch]

Bug Fixes

• Fix directory resolver to consider CWD and root path input correctly [[PR #1840](https://redirect.github.com/Fix directory resolver to consider CWD and root path input correctly anchore/syft#1840)] [wagoodman]
• Show all error messages if there is a failure retrieving an image with a specified scheme [[Issue #1569](https://redirect.github.com/The actual error is overridden and not returned from getImageWithRetryStrategy anchore/syft#1569)] [[PR #1801](https://redirect.github.com/Return both failures when failed to retrive an image with a scheme anchore/syft#1801)] [FrimIdan]
• v0.81.0 crashing parsing some images [[Issue #1837](https://redirect.github.com/v0.81.0 crashing parsing some images anchore/syft#1837)] [[PR #1839](https://redirect.github.com/fix: add panic recovery for license parse anchore/syft#1839)] [spiffcs]

... (truncated)

Commits

• 5d54e6e Configure chronicle to pre-1.0 mode (#1886)
• 631d50d chore: update SPDX license list to 3.21 (#1885)
• 269006b chore(deps): update bootstrap tools to latest versions (#1880)
• e2ed89f Pad artifact IDs (#1882)
• badb957 chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878)
• a1bba36 chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874)
• c019cd5 chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (...
• 5406d8a chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876)
• 098c255 fix: pom properties not setting artifact id (#1870)
• 2c5d64a chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #44.