build(deps): bump github.com/anchore/grype from 0.104.1 to 0.106.0

[dependabot]

Bumps github.com/anchore/grype from 0.104.1 to 0.106.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.106.0

Added Features

• warn about packages from EOL distros [#3171 @​willmurphyscode]
• make it configurable what grype assumes when incoming package to grype is missing dpkg/RPM epoch [#2964 #2976 @​willmurphyscode]

Bug Fixes

• RHEL EUS: --only-fixed should filter out matches are not fixed in the current EUS version [#2847 #3181 @​willmurphyscode]

Additional Changes

• support scientific linux [#3175 @​westonsteimel]

(Full Changelog)

v0.105.0

Added Features

• Add archlinux matcher to grype [#3154 @​willmurphyscode]

(Full Changelog)

v0.104.4

Bug Fixes

• preserve local version segment in constraints for PEP 440 comparison [#3146 @​willmurphyscode]

Additional Changes

• correct help text for return code for fail-on severity option [#3138 @​u-ways]

(Full Changelog)

v0.104.3

Bug Fixes

• Use specifier matching rules when comparing python versions [#3121 @​wagoodman]

(Full Changelog)

v0.104.2

Bug Fixes

• Since version 0.104.0 shaded jars are not reported [#3098]
• db search fails with misleading message (out of memory) when no db is present [#3049 #3077 @​JvD-Ericsson]

Additional Changes

• replace os.Chdir with t.Chdir in test code [#3067 @​joonas]

... (truncated)

Commits

• 823d98b chore(deps): update anchore dependencies (#3188)
• 58368e3 feat: warn about packages from EOL distros (#3171)
• 062cf24 chore(deps): bump actions/cache in /.github/actions/bootstrap (#3187)
• 78b0358 chore(deps): bump actions/cache from 5.0.1 to 5.0.2 (#3186)
• 5a64f3c chore(deps): bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 (#3185)
• 4d765c4 chore(deps): bump github.com/olekukonko/tablewriter from 1.1.2 to 1.1.3 (#3184)
• 7a2aa4a chore(deps): update tools to latest versions (#3183)
• 3264426 fix(rpm): respect EUS limitation in --only-fixed (#3181)
• 4c1c41b feat: add config for handling missing epochs on package versions (#2976)
• edaf953 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3180)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1851.