build(deps): bump github.com/anchore/syft from 1.38.0 to 1.44.0

[dependabot]

Bumps github.com/anchore/syft from 1.38.0 to 1.44.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.44.0

Added Features

• Add support for linux-riscv64 [#4757 @​luhenry]

Bug Fixes

• Yarn lockfile cataloguing does not handle aliases [#4833 #4836 @​cyphercodes]
• Some snippet files are saved in the previous test directory [#4829 #4830 @​witchcraze]
• empty rockspec causes index out of range [#4824 #4827 @​aki1770-del]
• PE cataloger shows asp.net core ref assemblies using fileversion build stamp instead of productversion [#4813 #4814 @​rezmoss]
• Syft safeCopy silently swallows archive decompression errors [#4806 #4807 @​SAY-5]

(Full Changelog)

v1.43.0

Added Features

• added deno bin classifiers [#4677 @​rezmoss]
• Support haskell old versions [#3237 #4793 @​witchcraze]
• Add support for OpenLDAP binary detection [#4768 #4755 @​nadimz]
• Support erlang ols versions [#3235 #4766 @​witchcraze]

Bug Fixes

• improve redhat-release parsing fallback for RHEL clones [#4808 @​westonsteimel]
• fix format string in search results struct [#4775 @​willmurphyscode]
• prevent infinite recursion in Document.UnmarshalJSON with encoding/json/v2 [#4748 @​benja-M-1]
• Syft can not complete scanning golang image [#4686]
• javascript-package-cataloger drops entire package.json when authors/contributors/maintainers is a single string [#4778 #4779 @​yoav-orca]
• pnpm lock file cataloger produces unstable output [#4648 #4765 @​lawrence3699]
• Linux Kernel bzImage and zImage not cataloged by linux-kernel-cataloger [#4769 #4751 @​nadimz]
• Support istio binary (pilot-discovery, pilot-agent) alpha,beta,rc,dev version [#4546 #4645 @​witchcraze]
• Scanning mounted ISO: duplicate entries [#4759]

Additional Changes

• update CPE dictionary index [#4767 @​anchore-oss-update-bot]

(Full Changelog)

v1.42.4

Bug Fixes

• Similar Packages Should Be Aggregated [#1162]
• Support arangodb binary recent version [#4571 #4662 @​witchcraze]
• Support go binary various versions [#4687 #4694 @​kzantow]

Additional Changes

... (truncated)

Commits

• 8cb78ce fix: resolve yarn lock aliases to source package (#4836)
• 3b046b3 chore: move snippet files from test-fixtures to testdata (#4830)
• 05cc8ee Add support for linux-riscv64 (#4757)
• 3562dab fix(lua-rockspec): handle empty and whitespace-only rockspec files gracefully...
• 014a4c9 chore: tidy go.mod (#4823)
• 3cb838e fixed pe dotnet wrong ver , fixed #4813 (#4814)
• 758324b fix: propagate non-EOF errors out of safeCopy (#4807)
• 390cf6c chore(deps): update anchore dependencies (#4797)
• 4393654 Chore fix sync bump (#4809)
• d179724 fix: improve redhat-release parsing fallback for RHEL clones (#4808)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)