chore(deps): Bump github.com/anchore/syft from 0.80.0 to 0.82.0

[dependabot]

Bumps github.com/anchore/syft from 0.80.0 to 0.82.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.82.0

Changelog

v0.82.0 (2023-05-23)

Full Changelog

Added Features

• Improve Go main module version detection by attempting to parse available ldflags [[Issue #1785](https://redirect.github.com/Attempt to extract go main module versions from available ldflags anchore/syft#1785)] [[PR #1832](https://redirect.github.com/Extract go module versions from ldflags for binaries built by go anchore/syft#1832)] [wagoodman]

Bug Fixes

• Fix a problem in the license parsing logic that may result in a panic [[PR #1839](https://redirect.github.com/fix: add panic recovery for license parse anchore/syft#1839)]
• Return all relevant error messages if an image retrieval fails when a scheme is specified [[PR #1801](https://redirect.github.com/Return both failures when failed to retrive an image with a scheme anchore/syft#1801)] [FrimIdan]
• Fix a problem with PNPM scanning where v6 lockfiles might result in duplicated packages [[Issue #1762](https://redirect.github.com/PNPM improvements: scanning does not support v6 and can result in duplicate packages anchore/syft#1762)] [[PR #1778](https://redirect.github.com/fix: duplicate packages, support pnpm lockfile v6 anchore/syft#1778)] [kzantow]

v0.81.0

Changelog

v0.81.0 (2023-05-22)

Full Changelog

Added Features

• Support cataloging R packages [[Issue #730](https://redirect.github.com/Support cataloging R packages anchore/syft#730)] [[PR #1790](https://redirect.github.com/feat: Add R cataloger anchore/syft#1790)] [willmurphyscode]
• Support describing license properties and SPDX expression assertions [[Issue #1577](https://redirect.github.com/Support describing license properties and SPDX expression assertions anchore/syft#1577)] [[PR #1743](https://redirect.github.com/feat: update syft license concept to complex struct anchore/syft#1743)] [spiffcs]
• Warn if parsing a newer SBOM [[PR #1810](https://redirect.github.com/feat: warn if parsing newer SBOM anchore/syft#1810)] [willmurphyscode]

Bug Fixes

• Retain cataloged SBOM relationships [[PR #1509](https://redirect.github.com/Retain cataloged SBOM relationships anchore/syft#1509)] [houdini91]
• fix: update field plurality of 8.0.0 schema before release [[PR #1820](https://redirect.github.com/fix: update field plurality of 8.0.0 schema before release anchore/syft#1820)] [spiffcs]
• fix: remove spurious warnings - unknown relationship type: evident-by form-lib=syft [[Issue #1812](https://redirect.github.com/Spurious warnings - unknown relationship type: evident-by form-lib=syft anchore/syft#1812)] [[PR #1797](https://redirect.github.com/Reduce log spam on unknown relationship type anchore/syft#1797)] [willmurphyscode]
• CycloneDX Dependencies Relationships Inverted [[Issue #1815](https://redirect.github.com/CycloneDX Dependencies Relationships Inverted anchore/syft#1815)] [[PR #1816](https://redirect.github.com/fix: cyclonedx depends-on relationship inverted anchore/syft#1816)] [shanealv]
• Alpine: license expression should be complete and not parsed out [[Issue #1817](https://redirect.github.com/Alpine: license expression should be complete and not parsed out anchore/syft#1817)] [[PR #1819](https://redirect.github.com/fix: update cataloger to check for expressions before split anchore/syft#1819)] [spiffcs]

Additional Changes

• Print package list when extra packages found [[PR #1791](https://redirect.github.com/Print package list when extra packages found anchore/syft#1791)] [willmurphyscode]
• update cosign to v2 release (different go module) [[PR #1805](https://redirect.github.com/update cosign to v2 release (different go module) anchore/syft#1805)] [bobcallaway]

Commits

• 4ac8fdf fix: add panic recovery for license parse (#1839)
• 087a635 chore: return both failures when failed to retrieve an image with a scheme (#...
• 26c201f Extract go module versions from ldflags for binaries built by go (#1832)
• a3c5550 fix: duplicate packages, support pnpm lockfile v6 (#1778)
• 798af57 chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (...
• f50302b chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829)
• b09cf6c chore(deps): bump github.com/docker/docker (#1833)
• 334a775 Keep original FileInfo persisted on file.Metadata structs (#1794)
• f1b6f38 chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#1827)
• f6f8332 chore(deps): bump github.com/google/go-containerregistry (#1823)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #37.