build(deps): bump github.com/anchore/syft from 1.38.0 to 1.42.1

[dependabot]

Bumps github.com/anchore/syft from 1.38.0 to 1.42.1.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.1

Bug Fixes

• Use redhat as namespace for hummingbird rpms [#4615 @​scoheb]
• False Positive: Emacs snap package version CVE-2024-39331 [#4485]

Additional Changes

• call cleanup on tmpfile and replace some io.ReadAlls with streams [#4629 @​willmurphyscode]
• bumps go mod version to 1.25; ci takes latest patch [#4628 @​spiffcs]

(Full Changelog)

v1.42.0

Added Features

• Add support for scanning GGUF models from OCI registries [#4335 @​spiffcs]
• yarn lockfile scan doesnt catch dev dependencies [#4548 #4549 @​rezmoss]

Additional Changes

• CPE detection for APK libavif to use aomedia vendor [#4597 @​naag]

(Full Changelog)

v1.41.2

Bug Fixes

• further improve go binary classifier, including windows [#4593 @​kzantow]
• Wrong format in license [#4233 #4588 @​spiffcs]
• Cannot detect installation of Qt6 [#4467 #4550 @​rezmoss]
• bug: Syft mis-identifies binary as deb inside a snap [#4486 #4500 @​popey]

(Full Changelog)

v1.41.1

Bug Fixes

• [Bug Report] Missing some dependencies on cyclonedx formatted SBOM using syft [#4562 #4573 @​spiffcs]

(Full Changelog)

v1.41.0

Added Features

• detect Debian version from /etc/debian_version [#4569 @​kzantow]

Bug Fixes

• correctly report supporting evidence for binary packages [#4558 @​kzantow]

... (truncated)

Commits

• 0a3f7bb chore: call cleanup on tmpfile and replace some io.ReadAlls with streams (#4629)
• 2fe5f9c fix: bumps go mod version to 1.25; ci takes latest patch (#4628)
• f70631a chore(deps): update tools to latest versions (#4614)
• 0bb3741 chore(deps): bump the actions-minor-patch group across 1 directory with 2 upd...
• 458ebbb chore(deps): bump the go-minor-patch group with 2 updates (#4621)
• fb3f560 chore(deps): update CPE dictionary index (#4623)
• 89b901b Use redhat as namespace for hummingbird rpms (#4615)
• 9872ff3 chore(deps): update anchore dependencies (#4613)
• 31c5031 chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#4612)
• 2c5e193 feat: Add support for scanning GGUF models from OCI registries (#4335)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)