Research alternatives to `go mod graph` for Go provider

### What happened?

There is a difference in the output of `go mod graph` introduced somewhere between versions 1.20.4 and 1.24.2 of Go, which causes the tests to fail due to a difference in final SBOM generated. We should investigate alternatives that are more stable to `go mod graph`. Further reading: https://github.com/CycloneDX/cyclonedx-gomod/issues/64

### Please provide runtime information.

`go version go1.20.4 linux/amd64` and `go version go1.24.2 linux/amd64` (supplied via Nix) on main branch of exhort-javascript-api 

### Relevant log output

```shell
$ go version && go mod graph | grep go@
go version go1.24.2 linux/amd64
golang.org/x/example go@1.18
$ go version && go mod graph | grep go@
go version go1.20.4 linux/amd64
<blank>
```

### How can this issue be reproduced?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Research alternatives to `go mod graph` for Go provider #184

What happened?

Please provide runtime information.

Relevant log output

How can this issue be reproduced?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Research alternatives to go mod graph for Go provider #184

Description

What happened?

Please provide runtime information.

Relevant log output

How can this issue be reproduced?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Research alternatives to `go mod graph` for Go provider #184