chore(deps): bump @cyclonedx/cdxgen from 11.3.2 to 11.4.1

[dependabot]

Bumps @cyclonedx/cdxgen from 11.3.2 to 11.4.1.

Release notes

Sourced from @​cyclonedx/cdxgen's releases.

Release v11.4.1

What's Changed

🏗️ Build System

• musl arm64 builds by @​prabhu in CycloneDX/cdxgen#1869
• Use uv to manage the optional python dependencies + goodies by @​prabhu in CycloneDX/cdxgen#1870

Full Changelog: cdxgen/cdxgen@v11.4.0...v11.4.1

Release v11.4.0

What if SBOM tool developers utilised their tool's SBOM to make the project leaner, safer, and better? This curiosity led to the new minor release of cdxgen v11.4.x. We utilised two powerful features in pnpm package manager - aliasing and overrides to continuously generate an SBOM, test, and optimise the dependency tree. We reduced the dependency count by a whopping 10% and artefact binary sizes by 5% without losing any functionality! We then applied the same principle to trim our container images, implemented multi-stage builds for better caching, and implemented per-architecture signed SBOM attachment for the first time (Thanks @​malice00). For fans of Alpine Linux, cdxgen container images are now available with Alpine base images for top languages. We are also making a static musl-linked single executable binary available for effortless rollout across a number of OS including IoT devices!

What's Changed

Breaking Changes 🛠

• almalinux 10 upgrade by @​prabhu in CycloneDX/cdxgen#1818

💳 Sponsored Work

• [Python] dependency tree enhancements by @​prabhu in CycloneDX/cdxgen#1855
• Recurse on optional package tree by @​prabhu in CycloneDX/cdxgen#1860

Other Changes

• Add image for Rust 1.87 by @​bandhan-majumder in CycloneDX/cdxgen#1819
• Add image for Debian Python 3.13, Debian dotnet 10 preview, Temurin java 24, php 8.3 by @​bandhan-majumder in CycloneDX/cdxgen#1820
• Bug fix by @​bandhan-majumder in CycloneDX/cdxgen#1821
• fileless image sign + trim deps with cdxgen by @​prabhu in CycloneDX/cdxgen#1822
• Continue overriding to reduce deps by @​prabhu in CycloneDX/cdxgen#1823
• Switch to AppThreat node-sqlite3 to get sqlite 3.50.0 by @​prabhu in CycloneDX/cdxgen#1825
• Support for deno in devenv by @​prabhu in CycloneDX/cdxgen#1827
• linux musl detection by @​prabhu in CycloneDX/cdxgen#1829
• Add alpine images for golang 1.23 and 1.24 by @​bandhan-majumder in CycloneDX/cdxgen#1828
• Add alpine images for java 21 and 24 by @​bandhan-majumder in CycloneDX/cdxgen#1830
• [build] Optimized build, SBOM generation & attaching by @​malice00 in CycloneDX/cdxgen#1833
• Escaping space in spawnSync args was breaking scala sbt :( by @​prabhu in CycloneDX/cdxgen#1832
• [build] Added a new workflow that can be used to automatically retry failed jobs by @​malice00 in CycloneDX/cdxgen#1838
• Add ruby 3.4.4 alpine image by @​bandhan-majumder in CycloneDX/cdxgen#1834
• [build] Moved image-builds between cloud and hosted servers by @​malice00 in CycloneDX/cdxgen#1839
• Remove PYTHON_VERSION var from alpine images by @​bandhan-majumder in CycloneDX/cdxgen#1840
• We are missing java in some images so --profile research doesn't work by @​prabhu in CycloneDX/cdxgen#1841
• [build] Merged all sets of Dockerfiles into a multi-stage Dockerfile by @​malice00 in CycloneDX/cdxgen#1842
• Update atom, sqlite, and ruby versions. Remove find-up by @​prabhu in CycloneDX/cdxgen#1843
• [build] Fixed docker warnings about using undefined variables by @​malice00 in CycloneDX/cdxgen#1846
• [build] Forgot to remove some newlines in the previous PR by @​malice00 in CycloneDX/cdxgen#1847
• Fix technique filtering logic by correctly checking for intersection by @​yuvalmich in CycloneDX/cdxgen#1848
• bugfix: normalize component evidence identities to always be array by @​yuvalmich in CycloneDX/cdxgen#1852

... (truncated)

Commits

• b4d93d0 Use uv to manage the optional python dependencies + goodies (#1870)
• 9763ab0 musl arm64 builds (#1869)
• 8a5b822 Fixes #1868
• 17534ea Update docs
• d8600aa Update packages
• 08a0d2b Adhoc fixes (#1864)
• f81f231 Improve default image. Added missing workflow perms. Customize codeql with co...
• 13e3daa Alpine node 20 and 24 image
• 929c926 Allowlist for server post. Quote arguments. (#1863)
• 12f6969 Replace --production with --omit=dev
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like @cyclonedx/cdxgen is up-to-date now, so this is no longer needed.