ci(deps): bump @cyclonedx/cdxgen from 12.2.0 to 12.2.1 in /.github/tools in the node-workflow-tools group#50

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/dot-github/tools/node-workflow-tools-f9b8722795

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the node-workflow-tools group in /.github/tools with 1 update: @cyclonedx/cdxgen.

Updates @cyclonedx/cdxgen from 12.2.0 to 12.2.1

Release notes

Sourced from @cyclonedx/cdxgen's releases.

Release v12.2.1

This release focuses on Node.js dependency accuracy, server-side submission hardening, and CI/build maintenance.

lang:node

#3920 added WASM and WASI detection in the JS analyzer with test coverage updates. #3924 fixed npm component deduplication to preserve lockfile hashes when combining minified JS and package-lock inputs. #3925 now sets cdx:npm:package:development=true for npm devDependencies, improving metadata fidelity for policy and filtering workflows.

server and submission integration

#3922 enhanced Dependency-Track BOM submit flow with configurable autoCreate and isLatest, plus strict parent mode validation across CLI and server paths. #3918 hardened gitClone handling against malicious hook execution scenarios in server contexts.

build and release tooling

#3919 removed dependency on table, reducing runtime dependency surface and simplifying display/reporting internals. #3911 updated CycloneDX spec version references across release-relevant configs and entry points (package.json, deno.json, pyproject.toml, bin/cdxgen.js, lib/cli/index.js).

compliance and compatibility

#3926 normalized object-form license data to CycloneDX-compliant fields in getLicenses.

Full Changelog: cdxgen/cdxgen@v12.2.0...v12.2.1

Commits
  • b7611f8 types
  • 22076f2 release changelog categories
  • 3a6fafe Normalize object-form licenses to CycloneDX-compliant fields in getLicenses...
  • 2815f90 Set cdx:npm:package:development=true for npm devDependencies (#3925)
  • a9ec540 Preserve lockfile hashes when deduplicating npm components from minified JS +...
  • dc37630 Dependency-Track BOM submit: configurable autoCreate/isLatest + strict pa...
  • f424703 add wasm and wasi detection to JS analyzer and tests. Update workflow. (#3920)
  • 842e489 Remove dependency on table (#3919)
  • 7d9b420 security: harden gitClone against malicious hooks (Git 2.45+ / 2.54+) (#3918)
  • e8727a1 update the spec version in multiple places (#3911)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the node-workflow-tools group in /.github/tools with 1 update: [@cyclonedx/cdxgen](https://github.com/cdxgen/cdxgen).


Updates `@cyclonedx/cdxgen` from 12.2.0 to 12.2.1
- [Release notes](https://github.com/cdxgen/cdxgen/releases)
- [Commits](cdxgen/cdxgen@v12.2.0...v12.2.1)

---
updated-dependencies:
- dependency-name: "@cyclonedx/cdxgen"
  dependency-version: 12.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: node-workflow-tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies This issue or pull request is about third-party dependencies label May 4, 2026