build(deps): bump github.com/google/osv-scalibr from 0.1.4 to 0.1.5

[dependabot]

Bumps github.com/google/osv-scalibr from 0.1.4 to 0.1.5.

Release notes

Sourced from github.com/google/osv-scalibr's releases.

v0.1.5

• API changes: Removed error from extractor.ToCPEs, introduced FileAPI for extractor.FileRequired
• New extraction features: RPM extraction support on virtual filesystems, MacOS Application extraction
• --skip-dirs-glob flag
• Github Actions for linting and tests for MacOS
• Improved performance due to lazy Stat calling

Commits

• 7607558 Fix invalid type matching in the regosversion extractor, causing purl to no...
• 0374099 Implement FileAPI for lazy Stat
• cd45e1d Rename remaining extractor/detector files.
• e9b29bb Rename extractor/detector files from extractor.go/detector.go.
• 52fd8c7 Add the LayerDetails field to the scan result proto. This will be used to s...
• 4df985d Add initial code for layer scanning. The Image struct is created from a `v1...
• 7ef3529 Merge pull request #299 from ackama:linting/enable-predeclared
• 178fdef Merge pull request #300 from ackama:linting/increase-timeout
• 467f8c2 ci: increase timeout for golangci-lint
• e0768be refactor: enable predeclared linter
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

coverage: 54.724% (-0.003%) from 54.727%
when pulling 7c69e1c on dependabot/go_modules/github.com/google/osv-scalibr-0.1.5
into f6afcd4 on main.