chore(deps): bump github.com/anchore/syft from 1.42.1 to 1.42.3

[dependabot]

Bumps github.com/anchore/syft from 1.42.1 to 1.42.3.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.3

Bug Fixes

• Missing secondary evidence for .NET dependency in ghcr.io/open-telemetry/demo:2.0.0-accounting image [#4652]

Additional Changes

• bump github.com/buger/jsonsparser to v1.1.2 [#4680 @​willmurphyscode]
• centralize temp files and prefer streaming IO [#4668 @​willmurphyscode]

(Full Changelog)

v1.42.2

Bug Fixes

• [BUG] Incorrect Maven PURL generation: Automatic-Module-Name should not be used as Maven groupId [#4611 #4642 @​xnox]
• Checksum is 0 for spdx files [#2307 #4620 @​ppalucha]
• Support grafana binary various versions [#4559 #4635 @​witchcraze]

Additional Changes

• migrate fixtures to testdata [#4651 @​wagoodman]

(Full Changelog)

Commits

• 860126c chore(deps): update anchore dependencies (#4681)
• 36639f1 chore(deps): bump github.com/buger/jsonsparser to v1.1.2 (#4680)
• f32238c chore(deps): bump the go-minor-patch group with 2 updates (#4678)
• 0c8eef6 chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4675)
• 4d42f8a chore(deps): bump the go-minor-patch group with 2 updates (#4674)
• e388511 chore: centralize temp files and prefer streaming IO (#4668)
• a3dacf5 chore(deps): update tools to latest versions (#4663)
• cccc9bf chore(deps): bump the go-minor-patch group with 3 updates (#4669)
• 59f7725 chore(deps): bump github/codeql-action (#4670)
• 7a6b157 chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4671)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for zarf-docs ready!

Name	Link
🔨 Latest commit	0ad5c6e
🔍 Latest deploy log	https://app.netlify.com/projects/zarf-docs/deploys/69c2535063614e00081dd742
😎 Deploy Preview	https://deploy-preview-4738--zarf-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

looking into the deprecation

[brandtkeller]

NewImage defers to New with all existing arguments being equal.

[brandtkeller]

requesting additional review from @zarf-dev/maintainers after updating from a deprecated function.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Files with missing lines	Coverage Δ
src/pkg/packager/layout/sbom.go	48.55% <100.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.