chore(deps): update dependency anchore/syft to v1.12.2 (#88)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [anchore/syft](https://redirect.github.com/anchore/syft) | minor | `v1.9.0` -> `v1.12.2` |

---

### Release Notes

<details>
<summary>anchore/syft (anchore/syft)</summary>

### [`v1.12.2`](https://redirect.github.com/anchore/syft/releases/tag/v1.12.2)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.12.1...v1.12.2)

##### Added Features

- Detect curl binaries
\[[#&#8203;3146](https://redirect.github.com/anchore/syft/pull/3146)
[@&#8203;krysgor](https://redirect.github.com/krysgor)]
- Add haskell binaries cataloger
\[[#&#8203;3078](https://redirect.github.com/anchore/syft/pull/3078)
[@&#8203;LaurentGoderre](https://redirect.github.com/LaurentGoderre)]
- add the Ocaml ecosystem
\[[#&#8203;3112](https://redirect.github.com/anchore/syft/pull/3112)
[@&#8203;LaurentGoderre](https://redirect.github.com/LaurentGoderre)]
- Support HAProxy dev
\[[#&#8203;3134](https://redirect.github.com/anchore/syft/issues/3134)
[#&#8203;3180](https://redirect.github.com/anchore/syft/pull/3180)
[@&#8203;witchcraze](https://redirect.github.com/witchcraze)]

##### Bug Fixes

- Fix improper decoding of SPDX license expressions in the CycloneDX
format
\[[#&#8203;3175](https://redirect.github.com/anchore/syft/pull/3175)
[@&#8203;NyanKiyoshi](https://redirect.github.com/NyanKiyoshi)]
- improve generated cpes for binaries with existing classifiers
\[[#&#8203;3169](https://redirect.github.com/anchore/syft/pull/3169)
[@&#8203;westonsteimel](https://redirect.github.com/westonsteimel)]
- improve known CPEs and set NVD as source for all current binary
classifiers
\[[#&#8203;3167](https://redirect.github.com/anchore/syft/pull/3167)
[@&#8203;westonsteimel](https://redirect.github.com/westonsteimel)]
- Respond to authoritative CPEs from catalogers
\[[#&#8203;3166](https://redirect.github.com/anchore/syft/pull/3166)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]
- Set cataloger names within package cataloger task
\[[#&#8203;3165](https://redirect.github.com/anchore/syft/pull/3165)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]
- use official CPE for curl binary cataloger
\[[#&#8203;3164](https://redirect.github.com/anchore/syft/pull/3164)
[@&#8203;westonsteimel](https://redirect.github.com/westonsteimel)]
- Fix ELF package correlations
\[[#&#8203;3151](https://redirect.github.com/anchore/syft/pull/3151)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]
- no space left and Could not retrieve mirrorlist in test
\[[#&#8203;3181](https://redirect.github.com/anchore/syft/issues/3181)
[#&#8203;3190](https://redirect.github.com/anchore/syft/pull/3190)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]
- Multiple versions of libssl3 and libcrypto3 present in SBOM while only
one version is installed
\[[#&#8203;3195](https://redirect.github.com/anchore/syft/issues/3195)]
- CycloneDX conversion into Syft improperly handles SPDX licenses
\[[#&#8203;3172](https://redirect.github.com/anchore/syft/issues/3172)]
- Syft Cause stack overflow \[goroutine stack exceeds
[`1000000`](https://redirect.github.com/anchore/syft/commit/1000000000)-byte
limit]
\[[#&#8203;3163](https://redirect.github.com/anchore/syft/issues/3163)
[#&#8203;3170](https://redirect.github.com/anchore/syft/pull/3170)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]
- Mysql binary detection version incorrect for 8.0.x
\[[#&#8203;3141](https://redirect.github.com/anchore/syft/issues/3141)
[#&#8203;3142](https://redirect.github.com/anchore/syft/pull/3142)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]

##### Additional Changes

- Less verbose java logging when non-fatal issues arise
\[[#&#8203;3208](https://redirect.github.com/anchore/syft/pull/3208)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]

**[(Full
Changelog)](https://redirect.github.com/anchore/syft/compare/v1.11.1...v1.12.2)**

### [`v1.12.1`](https://redirect.github.com/anchore/syft/compare/v1.12.0...v1.12.1)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.12.0...v1.12.1)

### [`v1.12.0`](https://redirect.github.com/anchore/syft/compare/v1.11.1...v1.12.0)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.11.1...v1.12.0)

### [`v1.11.1`](https://redirect.github.com/anchore/syft/releases/tag/v1.11.1)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.11.0...v1.11.1)

##### Bug Fixes

- support .kar files
\[[#&#8203;3113](https://redirect.github.com/anchore/syft/pull/3113)
[@&#8203;tomersein](https://redirect.github.com/tomersein)]
- logging for remote network calls
\[[#&#8203;3140](https://redirect.github.com/anchore/syft/pull/3140)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]
- Pick up CycloneDX BOM components from metadata as well
\[[#&#8203;3092](https://redirect.github.com/anchore/syft/pull/3092)
[@&#8203;dervoeti](https://redirect.github.com/dervoeti)]
- improve groupid extraction for Jenkins plugins
\[[#&#8203;2815](https://redirect.github.com/anchore/syft/pull/2815)
[@&#8203;westonsteimel](https://redirect.github.com/westonsteimel)]

**[(Full
Changelog)](https://redirect.github.com/anchore/syft/compare/v1.11.0...v1.11.1)**

### [`v1.11.0`](https://redirect.github.com/anchore/syft/releases/tag/v1.11.0)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.10.0...v1.11.0)

##### Added Features

- Added the SWI Prolog (swipl) ecosystem
\[[#&#8203;3076](https://redirect.github.com/anchore/syft/pull/3076)
[@&#8203;LaurentGoderre](https://redirect.github.com/LaurentGoderre)]
- Improved java cataloging
\[[#&#8203;2769](https://redirect.github.com/anchore/syft/pull/2769)
[@&#8203;GijsCalis](https://redirect.github.com/GijsCalis)]

##### Bug Fixes

- Empty version field on some dependencies when reading pom.xml
\[[#&#8203;1129](https://redirect.github.com/anchore/syft/issues/1129)
[#&#8203;2769](https://redirect.github.com/anchore/syft/pull/2769)
[@&#8203;GijsCalis](https://redirect.github.com/GijsCalis)]
- Support Maven multi-level configuration file / parent POM
\[[#&#8203;2017](https://redirect.github.com/anchore/syft/issues/2017)
[#&#8203;2769](https://redirect.github.com/anchore/syft/pull/2769)
[@&#8203;GijsCalis](https://redirect.github.com/GijsCalis)]
- DependencyManagement ignored in pom.xml
\[[#&#8203;1813](https://redirect.github.com/anchore/syft/issues/1813)
[#&#8203;2769](https://redirect.github.com/anchore/syft/pull/2769)
[@&#8203;GijsCalis](https://redirect.github.com/GijsCalis)]
- Version parsing regression for Go binaries
\[[#&#8203;3086](https://redirect.github.com/anchore/syft/issues/3086)
[#&#8203;3087](https://redirect.github.com/anchore/syft/pull/3087)
[@&#8203;spiffcs](https://redirect.github.com/spiffcs)]

##### Additional Changes

- rather than have a hard max recursive depth - syft should detect
parent pom cycles
\[[#&#8203;2284](https://redirect.github.com/anchore/syft/issues/2284)
[#&#8203;2769](https://redirect.github.com/anchore/syft/pull/2769)
[@&#8203;GijsCalis](https://redirect.github.com/GijsCalis)]
- increase java purl generation test coverage
\[[#&#8203;3110](https://redirect.github.com/anchore/syft/pull/3110)
[@&#8203;westonsteimel](https://redirect.github.com/westonsteimel)]
- Updated PackageSupplier to type Organization for JAR files
\[[#&#8203;3093](https://redirect.github.com/anchore/syft/pull/3093)
[@&#8203;harippriyas](https://redirect.github.com/harippriyas)]
- Ensure accurate java main artifact name retrieval for multi-JARs and
refine fallback approach
\[[#&#8203;3054](https://redirect.github.com/anchore/syft/pull/3054)
[@&#8203;dor-hayun](https://redirect.github.com/dor-hayun)]

**[(Full
Changelog)](https://redirect.github.com/anchore/syft/compare/v1.10.0...v1.11.0)**

### [`v1.10.0`](https://redirect.github.com/anchore/syft/releases/tag/v1.10.0)

[Compare
Source](https://redirect.github.com/anchore/syft/compare/v1.9.0...v1.10.0)

##### Added Features

- Detect go main module from partial package builds
\[[#&#8203;3060](https://redirect.github.com/anchore/syft/pull/3060)
[@&#8203;wagoodman](https://redirect.github.com/wagoodman)]
- Support traefik in linux/arm/v6, linux/riscv64
\[[#&#8203;3038](https://redirect.github.com/anchore/syft/issues/3038)
[#&#8203;3077](https://redirect.github.com/anchore/syft/pull/3077)
[@&#8203;witchcraze](https://redirect.github.com/witchcraze)]
- Catalog TiDB binary
\[[#&#8203;2763](https://redirect.github.com/anchore/syft/issues/2763)]
- Generate a Maven friendly CPE
\[[#&#8203;3042](https://redirect.github.com/anchore/syft/issues/3042)
[#&#8203;3045](https://redirect.github.com/anchore/syft/pull/3045)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]

##### Bug Fixes

- Only match ldflag version if it matches the main module or targets
main.version
\[[#&#8203;3062](https://redirect.github.com/anchore/syft/pull/3062)
[@&#8203;LaurentGoderre](https://redirect.github.com/LaurentGoderre)]
- python requirements.txt cataloger: allow dots in python package names
\[[#&#8203;3070](https://redirect.github.com/anchore/syft/pull/3070)
[@&#8203;Mikcl](https://redirect.github.com/Mikcl)]
- SPDX output performance with many relationships
\[[#&#8203;3053](https://redirect.github.com/anchore/syft/pull/3053)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]
- Order CPEs deterministically for SBOM reproducibility
\[[#&#8203;2967](https://redirect.github.com/anchore/syft/issues/2967)
[#&#8203;3085](https://redirect.github.com/anchore/syft/pull/3085)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]
- Python packages: name normalization
\[[#&#8203;3064](https://redirect.github.com/anchore/syft/issues/3064)
[#&#8203;3069](https://redirect.github.com/anchore/syft/pull/3069)
[@&#8203;Mikcl](https://redirect.github.com/Mikcl)]
- Syft report panics with the golang cataloger
\[[#&#8203;3037](https://redirect.github.com/anchore/syft/issues/3037)
[#&#8203;3043](https://redirect.github.com/anchore/syft/pull/3043)
[@&#8203;willmurphyscode](https://redirect.github.com/willmurphyscode)]

##### Additional Changes

- add debug logging for errors reading RPM files
\[[#&#8203;3051](https://redirect.github.com/anchore/syft/pull/3051)
[@&#8203;kzantow](https://redirect.github.com/kzantow)]

**[(Full
Changelog)](https://redirect.github.com/anchore/syft/compare/v1.9.0...v1.10.0)**

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/DelineaXPM/github-workflows).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored Sep 23, 2024
1 parent 73292a0 commit b40a91d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .aqua/aqua.yaml
Expand Up @@ -14,7 +14,7 @@ packages:
- name: charmbracelet/[email protected]
- name: goreleaser/[email protected]
- name: mvdan/[email protected]
- name: anchore/syft@v1.9.0
- name: anchore/syft@v1.12.2
- name: golangci/[email protected]
tags: ['lint']
- name: git-town/[email protected]
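Review bot: the `anchore/syft@v1.9.0` -> `anchore/syft@v1.12.2` bump in this hunk crosses three minor releases whose notes above list changes that alter SBOM contents (deterministic CPE ordering, Python package name normalization, the reworked Java/Maven cataloging, and new binary classifiers such as curl and HAProxy), so any workflow in this repository that diffs SBOM output against a stored baseline or feeds it to a vulnerability scan should be re-run before merge, and the PR body would benefit from a line saying that SBOM diffs are expected. Separately, this entry, like its neighbours in the hunk, pins by version tag alone with no checksum visible in `.aqua/aqua.yaml`; confirm that aqua's checksum verification is enabled elsewhere in the repository configuration so the tag-to-artifact mapping is verified rather than trusted.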
