chore(deps): update dependency @appthreat/cdx-proto to v1.2.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@appthreat/cdx-proto	1.1.4 -> 1.2.0

---

Release Notes

AppThreat/cdx-proto (@​appthreat/cdx-proto)

v1.2.0

Compare Source

What's Changed

• CycloneDX 1.7 specification by @​prabhu in #​3

Full Changelog: AppThreat/cdx-proto@v1.1.4...v1.2.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Output of pnpm why @appthreat/cdx-proto:

Legend: production dependency, optional only, dev only

@cyclonedx/[email protected] /home/runner/work/cdxgen/cdxgen

optionalDependencies:
@appthreat/cdx-proto 1.2.0

Output of jq on components:

{
  "group": "@appthreat",
  "name": "cdx-proto",
  "version": "1.2.0",
  "description": "Library to serialize/deserialize CycloneDX BOM with protocol buffers",
  "scope": "required",
  "hashes": [
    {
      "alg": "SHA-512",
      "content": "af683808ba36c31d7a5f3defeaf55d202f03aa914d5dc14cf45cafd69ffc70b1961aaa3434275411a86a7d2d0035378d6c533ac7c7da58eef606b3cc9551772d"
    }
  ],
  "licenses": [
    {
      "license": {
        "id": "Apache-2.0",
        "url": "https://opensource.org/licenses/Apache-2.0"
      }
    }
  ],
  "purl": "pkg:npm/%40appthreat/[email protected]",
  "externalReferences": [
    {
      "type": "vcs",
      "url": "https://github.com/AppThreat/cdx-proto#readme"
    },
    {
      "type": "vcs",
      "url": "git+https://github.com/AppThreat/cdx-proto.git"
    }
  ],
  "type": "library",
  "bom-ref": "pkg:npm/@appthreat/[email protected]",
  "properties": [
    {
      "name": "SrcFile",
      "value": "pnpm-lock.yaml"
    },
    {
      "name": "ImportedModules",
      "value": "@appthreat/cdx-proto,cdx_15,@appthreat/cdx-proto/cdx_15,cdx_16,@appthreat/cdx-proto/cdx_16"
    }
  ],
  "evidence": {
    "identity": [
      {
        "field": "purl",
        "confidence": 1,
        "methods": [
          {
            "technique": "manifest-analysis",
            "confidence": 1,
            "value": "pnpm-lock.yaml"
          }
        ],
        "concludedValue": "pnpm-lock.yaml"
      }
    ],
    "occurrences": [
      {
        "location": "lib/helpers/protobom.js#3"
      }
    ]
  }
}

Output of jq on dependencies:

{
  "ref": "pkg:npm/@appthreat/[email protected]",
  "dependsOn": [
    "pkg:npm/@bufbuild/[email protected]"
  ]
}

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (1.2.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.