Upload BOM using POST rather than PUT

[in-fke]

Due to possible hard size limitation in applications firewalls, I suggest to upload BOM using POST rather than PUT.
see https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#limits

According to https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-application-gateway-limits (its quite hidden), the maximum request body size for non-files is 2MB - and one could hit this limit if the bom is larger than 2MB (and easily hits the default limit of 128 KB).

Current Source Code:
https://github.com/pmckeown/dependency-track-maven-plugin/blob/main/src/main/java/io/github/pmckeown/dependencytrack/upload/BomClient.java#L46

[elmuerte]

That's an incredibly low maximum request body size. Also weird that this is just a size check, it does not even inspect the payload. Anyway, I do not seem much harm in changing it. Except that it should probably be made configurable. People might have created rules for the current PUT call. uploadBomAsMultipart or uploadUsingPost?

DepTrack's POST API is almost similar to the PUT API (for some reason the parameter is called isLatest in POST instead of isLatestProjectVersion in the PUT API).

It is not clear from the documentation, but the projectTags for the POST API is a comma separated list.

One important little detail in Microsoft's WAF documentation:

Only requests with Content-Type of multipart/form-data are considered for file uploads. For content to be considered as a file upload, it has to be a part of a multipart form with a filename header.

So for the bom multipart element it is vital to include a filename parameters to the multipart.