Syft Cause stack overflow [goroutine stack exceeds 1000000000-byte limit] #3163

Closed
ysebyy opened this issue Aug 27, 2024 · 0 comments · Fixed by #3170
ysebyy commented Aug 27, 2024

What happened:
We are running syft (1.11.1) in this library https://github.com/vinted/sbomsftw, currently updating and debugging issues.
What we noticed: in a specific repository (https://github.com/feast-dev/feast; we have a fork of this, but tested it out on it as well), we get a stack overflow on this segment of syft:

	for i := range taskGroups {
		err := task.NewTaskExecutor(taskGroups[i], cfg.Parallelism).Execute(ctx, resolver, builder, catalogingProgress)
		if err != nil {
			// TODO: tie this to the open progress monitors...
			return nil, fmt.Errorf("failed to run tasks: %w", err)
		}
	}

With the following error message:

runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0x140322e04a0 stack=[0x140322e0000, 0x140522e0000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x1012cef01?, 0x10053b1a4?})

What you expected to happen:
Syft runs without a kernel panic, or at least throws an error, not a full system crash.

Steps to reproduce the issue:
You could use our library but syft itself throws this error as well:

brew install syft
git clone https://github.com/feast-dev/feast
syft feast

Anything else we need to know?:
No gotools compilation arguments added.
What we have tried: as it seems to be a Maven issue due to this stack trace:

github.com/anchore/syft/syft/pkg/cataloger/java.(*mavenResolver).resolveProjectProperty(0x14011a9d570, {0x101c26180, 0x102871f80}, {0x140322e0a48, 0x1, 0x1}, 0x140206a8d20, {0x14012298192, 0x8}, {0x140206ac160, ...})
        /Users/vadimas.vasiljevas/go/pkg/mod/github.com/anchore/syft@v1.11.1/syft/pkg/cataloger/java/maven_resolver.go:139 +0x71c fp=0x140322e04a0 sp=0x140322e04a0 pc=0x100e581dc
github.com/anchore/syft/syft/pkg/cataloger/java.(*mavenResolver).resolveProperty(0x14011a9d570, {0x101c26180, 0x102871f80}, {0x140322e0a48, 0x1, 0x1}, {0x14012298192, 0x8}, {0x0, 0x0, ...})
        /Users/vadimas.vasiljevas/go/pkg/mod/github.com/anchore/syft@v1.11.1/syft/pkg/cataloger/java/maven_resolver.go:107 +0x1b4 fp=0x140322e0580 sp=0x140322e04a0 pc=0x100e57794
github.com/anchore/syft/syft/pkg/cataloger/java.(*mavenResolver).resolveExpression.func1({0x14012298190?, 0x0?})
        /Users/vadimas.vasiljevas/go/pkg/mod/github.com/anchore/syft@v1.11.1/syft/pkg/cataloger/java/maven_resolver.go:86 +0xd0 fp=0x140322e0690 sp=0x140322e0580 pc=0x100e573b0
regexp.(*Regexp).ReplaceAllStringFunc.func1({0x0, 0x0, 0x0}, {0x140206a7320?, 0x0?, 0x0?})

We tried to limit recursion to 1 or to 10, with the same issue.
Let me know if any more info should be provided or there is anything I can do to fix this.

Environment: Local Env - MacOS 14.6.1 / Golang 1.22

  • Output of syft version: syft 1.11.1
  • OS (e.g: cat /etc/os-release or similar): Prod Env - Alpine Linux v3.20
@ysebyy ysebyy added the bug Something isn't working label Aug 27, 2024
@ysebyy ysebyy changed the title Syft Cause Kernel panic [goroutine stack exceeds 1000000000-byte limit] Syft Cause stack overflow [goroutine stack exceeds 1000000000-byte limit] Aug 27, 2024
@kzantow kzantow self-assigned this Aug 27, 2024
@kzantow kzantow moved this to In Progress in OSS Aug 27, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in OSS Aug 28, 2024
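
Added example (not part of the original issue, not syft's code, and not the fix in #3170): the stack trace shows `resolveExpression` calling back into `resolveProperty` from inside `ReplaceAllStringFunc`, so this sketch shows one way to make that kind of `${...}` expansion fail with an error instead of recursing without bound. It assumes the recursion is driven by properties that refer back to each other, which the issue does not confirm; `Resolve`, `ErrCycle` and the flat `props` map are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// exprPattern matches Maven-style ${name} references.
var exprPattern = regexp.MustCompile(`\$\{([^}]+)\}`)

// ErrCycle reports a property that refers back to itself, directly or indirectly.
var ErrCycle = errors.New("cyclic property reference")

// Resolve expands ${...} references in expr using props, a hypothetical flat
// property map standing in for the properties of a parsed pom.xml.
func Resolve(props map[string]string, expr string) (string, error) {
	return resolve(props, expr, map[string]bool{})
}

// resolving holds the property names on the current expansion path only.
func resolve(props map[string]string, expr string, resolving map[string]bool) (string, error) {
	var firstErr error
	out := exprPattern.ReplaceAllStringFunc(expr, func(match string) string {
		name := exprPattern.FindStringSubmatch(match)[1]
		value, ok := props[name]
		if !ok {
			return match // unknown property: leave the expression as written
		}
		if resolving[name] { // already being expanded further up the stack
			firstErr = fmt.Errorf("%w: %s", ErrCycle, name)
			return match
		}
		resolving[name] = true
		defer delete(resolving, name) // a sibling reference may reuse the name
		resolved, err := resolve(props, value, resolving)
		if err != nil {
			firstErr = err
			return match
		}
		return resolved
	})
	if firstErr != nil {
		return "", firstErr
	}
	return out, nil
}

func main() {
	// Constructed sample properties, not taken from the feast repository.
	props := map[string]string{"a": "${b}", "b": "${a}", "v": "1.0", "name": "lib-${v}"}
	fmt.Println(Resolve(props, "${name}"))
	fmt.Println(Resolve(props, "${a}"))
}
```

Tracking only the names on the current path, rather than every name ever seen, lets the same property appear twice in one expression while still stopping a loop at its first repeat.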