chore(deps): bump github.com/anchore/syft from 1.38.2 to 1.39.0

[dependabot]

Bumps github.com/anchore/syft from 1.38.2 to 1.39.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.39.0

Added Features

• add support for Gemfile.next.lock [#4457 @​HatiCode]
• Command output to give more information on what catalogers look for and what they can find [#4155 #4317 @​wagoodman]
• Support reading lzma compressed .go.buildinfo sections with upx [#4411 #4480 @​wagoodman]
• Specify specific snap revision to pull [#4389 #4439 @​VictorHuu]
• Cannot detect embedded deps.json metadata in single-file .NET binaries [#4344 #4375 @​rezmoss]
• ELF note cataloger does not pick up OS field, but should [#4384 #4438 @​VictorHuu]

Bug Fixes

• remove debug print statement in dependency parser [#4412 @​cgreeno]
• dotnet-deps cataloger should skip project references with type "project" when building the sbom [#4423 #4436 @​rezmoss]
• File digests not computed when using --base-path [#4410 #4478 @​wagoodman]
• Syft should not define subpaths by default in PURLs [#4394 #4395 @​rezmoss]
• go: valid purl but incorrect name [#1737 #4395 @​rezmoss]
• Incorrect Go module PURL generation when module path contains /vN (e.g. /v5) [#4316 #4395 @​rezmoss]
• Failing to convert npm repository information correctly to SPDX [#4362 #4390 @​kendrickm]

(Full Changelog)

Commits

• e9e3494 remove debug output (#4496)
• b3c70da Add experimental cataloger capabilities command (#4317)
• ae1a247 Unpin fixture dependencies that will always float (#4495)
• 0ea920b Decompress UPX packed binaries to extract golang build info (ELF formatted bi...
• 7ef4703 chore(deps): update tools to latest versions (#4491)
• 8334fb0 chore(deps): bump modernc.org/sqlite from 1.40.1 to 1.41.0 (#4489)
• c9760d2 feat: snap can be queried by revision and track/risk/branch (#4439)
• 74c9380 fix: 4423 dotnet-deps cataloger skips project type by def
• 7ed733c signpost to docs site (#4483)
• a39c600 chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#4481)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)