Bump github.com/anchore/syft from 0.86.1 to 0.87.1

[dependabot]

Bumps github.com/anchore/syft from 0.86.1 to 0.87.1.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.87.1

v0.87.1 (2023-08-17)

Full Changelog

Bug Fixes

• Use Java package names to determine known groupIDs [[PR #2032](https://redirect.github.com/Use Java package names to determine known groupIDs anchore/syft#2032)] [kzantow]
• Relationships section of CycloneDX is not outputting even when the data is present [[Issue #1972](https://redirect.github.com/Relationships section of CycloneDX is not outputting even when the data is present anchore/syft#1972)] [[PR #1974](https://redirect.github.com/Fix for issue #1972: Fixed typecasting, and added more debug logging. anchore/syft#1974)] [markgalpin] [kzantow]
• SPDX Tag-Value conversion not handling files directly set on packages [[Issue #2013](https://redirect.github.com/SPDX Tag-Value conversion not handling files directly set on packages anchore/syft#2013)] [[PR #2014](https://redirect.github.com/fix: read direct package files when decoding SPDX tag-value anchore/syft#2014)] [kzantow]
• Intermittent binary listings, different results every time [[Issue #2035](https://redirect.github.com/Intermittent binary listings, different results every time anchore/syft#2035)] [[PR #2036](https://redirect.github.com/fix: inconsistent removal of binaries by file overlap anchore/syft#2036)] [kzantow]

v0.87.0

v0.87.0 (2023-08-14)

Full Changelog

Added Features

• feat: use originator logic to fill supplier [[PR #1980](https://redirect.github.com/feat: use originator logic to fill supplier anchore/syft#1980)] [spiffcs]
• Expand deb cataloger to include opkg [[PR #1985](https://redirect.github.com/Expand deb cataloger to include opkg anchore/syft#1985)] [johnDeSilencio]
• Package duplicated by different cataloger [[Issue #931](https://redirect.github.com/Package duplicated by different cataloger anchore/syft#931)] [[PR #1948](https://redirect.github.com/931: binary cataloger exclusion defaults anchore/syft#1948)] [spiffcs]
• Add binary cataloger for Nginx built from source [[Issue #1945](https://redirect.github.com/Add binary cataloger for Nginx built from source anchore/syft#1945)] [[PR #1988](https://redirect.github.com/Create nginx binary classifier anchore/syft#1988)] [SemProvoost]

Bug Fixes

• chore: update bubbly to fix hanging [[PR #1990](https://redirect.github.com/chore: update bubbly to fix hanging anchore/syft#1990)] [kzantow]
• fix: update glob to use newer usr/lib/sysimage path [[PR #1997](https://redirect.github.com/fix: update glob to use newer usr/lib/sysimage path anchore/syft#1997)] [spiffcs]
• fix: SPDX license values and download location [[PR #2007](https://redirect.github.com/fix: SPDX license values and download location anchore/syft#2007)] [kzantow]
• Different CPEs between java-cataloger and java-gradle-lockfile-cataloger [[Issue #1957](https://redirect.github.com/Different CPEs between java-cataloger and java-gradle-lockfile-cataloger anchore/syft#1957)] [[PR #1995](https://redirect.github.com/fix: gradle lockfile parser groupId handling anchore/syft#1995)] [kzantow]

Commits

• 4762ba0 feat: use java package names to determine known groupids (#2032)
• d163597 fix: inconsistent removal of binaries by overlap (#2036)
• 9467bd6 fix: CycloneDX relationships not output or decoded properly (#1974)
• 5910732 chore: restore cataloger.DefaultConfig (#2028)
• b3d7ba5 fix: read direct package files when decoding SPDX tag-value (#2014)
• c7fe586 chore(deps): update bootstrap tools to latest versions (#2022)
• 28b06da chore(deps): update CPE dictionary index (#2025)
• a90cff1 chore(deps): update bootstrap tools to latest versions (#2012)
• 82eafea chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008)
• 541c8d3 1948-filter-pkg-by-type (#2011)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #97.