Bump github.com/anchore/syft from 0.34.0 to 0.54.0

[dependabot]

Bumps github.com/anchore/syft from 0.34.0 to 0.54.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.54.0

Changelog

v0.54.0 (2022-08-17)

Full Changelog

Added Features

• Assume :latest tag implicitly [[Issue #411](anchore/syft#411
• Add 'rpm modularity' to rpm records generated by syft [[Issue #1145](anchore/syft#1145

Bug Fixes

• Empty metadata while decoding should be allowed [[PR #1154](anchore/syft#1154 [wagoodman]
• Add PHP Composer dev dependencies [[Issue #773](anchore/syft#773
• opaque error when scanning an image in github registry [[Issue #790](anchore/syft#790
• javascript-lock-cataloger not detect and parse yarn.lock file [[Issue #798](anchore/syft#798
• Distro identification fails for dir: scheme when identityFiles not in scope. [[Issue #814](anchore/syft#814
• podman report not working [[Issue #893](anchore/syft#893
• Parsing yarn.lock fails to identify the currect package and version combinations [[Issue #925](anchore/syft#925
• gemspecs going unreported [[Issue #960](anchore/syft#960
• json SPDX invalid format [[Issue #992](anchore/syft#992
• Docker configuration issue on release [[Issue #1126](anchore/syft#1126
• Can't configure off-by-default cataloger without using --all [[Issue #1141](anchore/syft#1141

v0.53.4

Changelog

v0.53.4 (2022-08-03)

Full Changelog

v0.53.3

Changelog

v0.53.3 (2022-08-03)

Full Changelog

Bug Fixes

• Deprecated SPDX license (GPL-2.0+) [[Issue #950](anchore/syft#950

v0.53.2

Changelog

v0.53.2 (2022-08-02)

Full Changelog

... (truncated)

Commits

• 21eb772 Associate node package licenses from node_modules (#1152)
• d1390b3 Give the contributing guide a substantial rework (#1155)
• 3db6911 fix: extract file ids correctly for spdx-json (#1156)
• 2693a8c metadata decoding should be optional (#1154)
• 1344889 Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151)
• 0438730 Add modularitylabel metadata to RPM type records generated by syft (#1148)
• 4df84d3 Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149)
• 5be7e08 retraction for mispublished versions (#1147)
• 621f0fe cataloger configuration is respected regardless of source (#1142)
• 644ca00 Update README.md (#1146)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #52.