Update dependency anchore/syft to v1.4.1

This MR contains the following updates:

Package	Type	Update	Change
anchore/syft	ironbank-github	minor	v1.0.1 -> v1.4.1

---

Release Notes

anchore/syft (anchore/syft)

v1.4.1

Compare Source

Bug Fixes

• Fix redundant package deletions when considering ELF packages [#​2862 @​wagoodman]

(Full Changelog)

v1.4.0

Compare Source

Added Features

• Add detection for newer version of ErLang/OTP [#​2829 @​LaurentGoderre]
• Add missing CPE for traefik, memcached, and postgres binaries [#​2845 @​LaurentGoderre]
• Add binary classifier for ArangoDB [#​2830 @​LaurentGoderre]
• Add relationships to ELF packages [#​2715 @​brian-ebarb @​cdivers18 ]
• Add relationships for ALPM packages (arch linux) [#​2851 @​wagoodman]

Bug Fixes

• close temp rpmdb file [#​2792 @​testwill]
• fix Windows file paths in local go mod cache [#​2654 @​willmurphyscode]
• Package Count doesn't match list of packages [#​2304 #​2839 @​wagoodman]
• New version 1.3.0 leads to "too many open files" while scanning bigger images [#​2819 #​2823 @​willmurphyscode]
• license_info_in_file is mandatory in SPDX-2.2 [#​2163 #​2168 @​kzantow]
• Wrong CPE for dnsmasq [#​2636 #​2659 @​kzantow]
• SPDX originator is not always populated [#​2632 #​2822 @​wagoodman]

Additional Changes

• Improve linting for defer Close type issues [#​2826]
• use ruleguard to test for missing defer statements [#​2837 @​willmurphyscode]
• Publish security policy [#​2835 @​wagoodman]
• fix function name in comment [#​2771 @​camcui]
• enable go-critic deferInLoop lint [#​2825 @​willmurphyscode]

(Full Changelog)

v1.3.0

Compare Source

Added Features

• index known CPEs for go modules [#​2816 @​westonsteimel]
• support multiple known CPEs in index [#​2813 @​westonsteimel]
• index known CPEs for PHP Composer packagist.org packages [#​2804 @​westonsteimel]
• index known cpes for PHP extensions [#​2777 @​westonsteimel]

Bug Fixes

• re-use embedded union reader if possible [#​2814 @​willmurphyscode]
• prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io [#​2806 @​westonsteimel]
• improvements to known CPE index construction [#​2801 @​westonsteimel]
• Syft panics when scanning OCI image that contains packaged helm chart [#​2745 #​2757 @​willmurphyscode]
• Pom parser not resolving all dependency versions [#​2776 #​2781 @​willmurphyscode]
• exclude known instrumentation jars from being erroneously identified [#​2796 @​kzantow]
• return empty string if dereferncing pom var fails [#​2797 @​willmurphyscode]

(Full Changelog)

v1.2.0

Compare Source

Added Features

• Differentiate between JRE and JDK [#​2748 @​LaurentGoderre]
• Add support for dnf packages [#​2758]

Bug Fixes

• more robust go main version extraction [#​2767 @​kzantow]
• Regression in 1.1 cataloging openjdk: generates version containing a null byte [#​2750 #​2766 @​LaurentGoderre]

(Full Changelog)

v1.1.1

Compare Source

Bug Fixes

• update anchore/packageurl-go to use latest commits [#​2746 @​spiffcs]
• fix panic scanning binaries without symtab [#​2736 #​2739 @​kzantow]

(Full Changelog)

v1.1.0

Compare Source

Added Features

• Adding the ability to retrieve remote licenses from package-lock.json [#​2708 @​coheigea]
• Show binary exports, entrypoint, and imports [#​2626 @​wagoodman]
• Add detection for Oracle GraalVM [#​2705 @​LaurentGoderre]

Bug Fixes

• reduce duplicate case SwiftPkg [#​2696 @​testwill]

(Full Changelog)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching MR was automerged previously.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.