Illegal file path error message during init package SBOM creation #3399

Open · AustinAbro321 (Contributor) opened this issue Jan 13, 2025 · 0 comments

Description

During init package creation there are strange log messages (given below). The archiver package, called by Syft, is outputting the log messages. The message happens during Zarf's call to filesource.NewFromPath(sbomFile). This error happens while Zarf is creating the SBOM of the k3s binary - https://github.com/k3s-io/k3s/releases/download/v1.29.10+k3s1/k3s-airgap-images-amd64.tar.zst

Environment

App version: v0.46.0 (but seemingly for some versions before)

Steps to reproduce

  1. make init-package

Expected result

regular logs

Actual Result

The following is included in the logs

tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../3d7ea7220687ba39168afda8d6de726e1c892df39ac1a1e48876d379d64536c8/layer.tar
tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../d3cd84d326f3026c49cdf47c4ba2ef264888392ea9c59761d2ab1d85a548ebcf/layer.tar
tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../a98a9540ad2413eefce42d28e9d4cacd45cbfaf5bb91361752205dde4d56b61d/layer.tar
tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../b41b8ae36710ae1b89005189a6a9cc6fda0a6f65f937d120d93ae44890d22d39/layer.tar
tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../06f647e794ce828a3638308e9e979a60add4693a84be247848ec7ba339b16020/layer.tar
tar.go:169: [ERROR] Reading file in tar archive: checking path traversal attempt in symlink: illegal file path: ../7eafbd21206babac2f232a8227219092b383fe43f1e7198bb4fd113de9b180a0/layer.tar

Severity/Priority

Low, as the init package still builds fine. However we should ensure that there is not a data loss of the SBOM of the K3s file.
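The targets in the log lines above have the shape of a `docker save` image archive, where a deduplicated layer is stored once and a sibling layer directory carries a relative symlink (`../<digest>/layer.tar`) to it. Such a link is entirely inside the archive, yet a traversal check that rejects any target beginning with `../` will report it as an illegal path. The following is an added example, not code from Zarf, Syft or the archiver package, and it does not reproduce the archiver package's actual check; it builds a constructed in-memory tarball with made-up digests, one in-archive `layer.tar` symlink and one genuinely hostile symlink, and compares a literal "starts with `..`" rule against resolving the target relative to the link's own directory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// Finding describes one symlink entry and how two different
// traversal checks judge its target.
type Finding struct {
	Name     string // entry name inside the archive
	Target   string // symlink target as stored in the header
	Naive    bool   // true if a literal "starts with .." check rejects it
	Escapes  bool   // true if the target, resolved against the link's own
	                // directory, leaves the archive root
	Resolved string // cleaned path the link points to, relative to the root
}

// naiveRejects is an assumed simplified rule (not the archiver package's code):
// any symlink whose target is absolute or begins with "../" is reported as an
// illegal path, regardless of where the link itself lives in the archive.
func naiveRejects(target string) bool {
	return strings.HasPrefix(target, "/") || target == ".." || strings.HasPrefix(target, "../")
}

// resolveTarget joins the symlink target onto the directory of the link entry
// and cleans the result. A cleaned path that still begins with ".." escapes the
// archive root; everything else stays inside it. Absolute targets are always
// treated as an escape because they ignore the extraction root entirely.
func resolveTarget(entryName, target string) (resolved string, escapes bool) {
	if strings.HasPrefix(target, "/") {
		return path.Clean(target), true
	}
	resolved = path.Clean(path.Join(path.Dir(entryName), target))
	escapes = resolved == ".." || strings.HasPrefix(resolved, "../")
	return resolved, escapes
}

// Constructed layer directory names; real archives use sha256 digests.
const (
	layerA = "aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111"
	layerB = "bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222"
)

// buildSampleTar builds a constructed, in-memory tarball laid out like a
// `docker save` image archive: one directory per layer, with layerB's
// layer.tar being a relative symlink to layerA's file. One extra entry carries
// a target that really does leave the root, so the two checks can be compared.
func buildSampleTar() ([]byte, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	content := []byte("fake layer bytes")
	if err := tw.WriteHeader(&tar.Header{Name: layerA + "/layer.tar", Mode: 0o644, Size: int64(len(content))}); err != nil {
		return nil, err
	}
	if _, err := tw.Write(content); err != nil {
		return nil, err
	}
	// Deduplicated layer: stored once under layerA, referenced from layerB.
	if err := tw.WriteHeader(&tar.Header{Name: layerB + "/layer.tar", Typeflag: tar.TypeSymlink,
		Linkname: "../" + layerA + "/layer.tar", Mode: 0o777}); err != nil {
		return nil, err
	}
	// Hostile entry: two levels up from a top-level directory escapes the root.
	if err := tw.WriteHeader(&tar.Header{Name: "evil/passwd", Typeflag: tar.TypeSymlink,
		Linkname: "../../etc/passwd", Mode: 0o777}); err != nil {
		return nil, err
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// scanSymlinks reads the archive and evaluates every symlink under both checks.
func scanSymlinks(archive []byte) ([]Finding, error) {
	tr := tar.NewReader(bytes.NewReader(archive))
	var out []Finding
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag != tar.TypeSymlink {
			continue
		}
		resolved, escapes := resolveTarget(hdr.Name, hdr.Linkname)
		out = append(out, Finding{Name: hdr.Name, Target: hdr.Linkname,
			Naive: naiveRejects(hdr.Linkname), Escapes: escapes, Resolved: resolved})
	}
}

func main() {
	data, err := buildSampleTar()
	if err != nil {
		panic(err)
	}
	findings, err := scanSymlinks(data)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s -> %s\n  naive rejects: %v\n  resolved: %s (escapes root: %v)\n",
			f.Name, f.Target, f.Naive, f.Resolved, f.Escapes)
	}
}
```

The in-archive `layer.tar` link is rejected by the literal rule but resolves to `<layerA>/layer.tar`, while `evil/passwd` is rejected by both. If the tool that emits the error above skips the entry rather than failing the whole read, the consequence for an SBOM is the one the issue worries about: the contents behind those deduplicated `layer.tar` links are never scanned, so packages in those layers can silently go missing from the SBOM. Checking the SBOM for the k3s airgap image against the package list from an extraction of the same tarball is the quickest way to confirm or rule that out.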
