Removed project alias for pypi which was resulting in FP

Dockerfile

@@ -12,16 +12,16 @@ LABEL maintainer="AppThreat" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 7070:7070 -v $(pwd):/app:rw -t ghcr.io/owasp-dep-scan/dep-scan --server"
 
 ARG TARGETPLATFORM
-ARG JAVA_VERSION=22.0.1-tem
-ARG SBT_VERSION=1.9.9
-ARG MAVEN_VERSION=3.9.8
-ARG GRADLE_VERSION=8.8
+ARG JAVA_VERSION=22.0.2-tem
+ARG SBT_VERSION=1.10.1
+ARG MAVEN_VERSION=3.9.9
+ARG GRADLE_VERSION=8.10
 ARG NYDUS_VERSION=2.2.5
 ARG CDXGEN_VERSION=10.7.1
 ARG PYTHON_VERSION=3.12
 
 ENV GOPATH=/opt/app-root/go \
-    GO_VERSION=1.22.3 \
+    GO_VERSION=1.22.7 \
     JAVA_VERSION=$JAVA_VERSION \
     SBT_VERSION=$SBT_VERSION \
     MAVEN_VERSION=$MAVEN_VERSION \

depscan/lib/normalize.py

@@ -155,7 +155,6 @@ def create_pkg_variations(pkg_dict):
         vendor_aliases.add("pypi")
         vendor_aliases.add("python")
         vendor_aliases.add("python-" + name)
-        vendor_aliases.add(name + "project")
     elif purl.startswith("pkg:npm"):
         # pg-promise CVE is filed as pg
         if name.endswith("-promise"):

pyproject.toml

@@ -1,12 +1,12 @@
 [project]
 name = "owasp-depscan"
-version = "5.4.3"
+version = "5.4.4"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
     {name = "Team AppThreat", email = "[email protected]"},
 ]
 dependencies = [
-    "appthreat-vulnerability-db==5.7.3",
+    "appthreat-vulnerability-db==5.7.5",
     "defusedxml",
     "oras~=0.1.26",
     "PyYAML",