Is generating cyclonedx dependencies supported with the javascript-lock cataloger?

[jeremytbrun]

What would you like to be added:
Including dependency relationships in a CycloneDx SBOM generated by the javascript-lock cataloger?

Why is this needed:
So that I can report on Dependency Tree's using tools such as Dependency Track.

Additional context:

[wagoodman]

We don't support it today, but we plan to (#572 ). I've linked this issue back to that umbrella issue to track the specific ecosystem request 👍