Update cdxgen to bring dotnet universal tree fix

.github/workflows/pythonpublish.yml

@@ -11,6 +11,7 @@ on:
       - 'gobintests.yml'
     branches:
       - master
+      - release/*
     tags:
       - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
   workflow_dispatch:

Dockerfile

@@ -4,7 +4,7 @@ LABEL maintainer="AppThreat" \
       org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
       org.opencontainers.image.source="https://github.com/owasp-dep-scan/dep-scan" \
       org.opencontainers.image.url="https://appthreat.com" \
-      org.opencontainers.image.version="5.0.0" \
+      org.opencontainers.image.version="5.2.x" \
       org.opencontainers.image.vendor="appthreat" \
       org.opencontainers.image.licenses="MIT" \
       org.opencontainers.image.title="dep-scan" \
@@ -73,7 +73,8 @@ RUN set -e; \
     && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
     && rm -rf /root/.sdkman \
-    && npm install -g @cyclonedx/cdxgen \
+    && npm install -g @cyclonedx/cdxgen@^9.11.5 \
+    && cdxgen --version \
     && curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \
     && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
     && rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \

pyproject.toml

@@ -1,14 +1,14 @@
 [project]
 name = "owasp-depscan"
-version = "5.2.3"
+version = "5.2.4"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},
 ]
 dependencies = [
     "appthreat-vulnerability-db==5.5.10",
     "defusedxml",
-    "oras",
+    "oras==0.1.26",
     "PyYAML",
     "rich",
     "quart",