NPE on BomUploadProcessingTask at StateManagerImpl.transitionReadField

Current Behavior:

Once in while when a Jenkins uploads synchronously the generated BOM to dependency track we fail to get a response from Dependency-Track

On Dependency-Track we see a NullPointerException.

Steps to Reproduce:

Occurs randomly when uploading a BOM generated by @cyclonedx/bom by appending its results to the results generated by cyclonedx-gradle-plugin.

Environment:

• Dependency-Track Version: v3.5.1
• Distribution: Docker
• BOM Format & Version: CycloneDX BOM
• Database Server: PostgreSQL
• Browser: N/A

Additional Details:

Stack Trace:

09:53:56.922 INFO [MetricsUpdateTask] Executing metrics update on project: d90cf0bc-71ee-4140-8cbb-a542eafeda44
10:29:48.913 INFO [BomUploadProcessingTask] Processing CycloneDX BOM uploaded to project: fea6f545-c45c-43d1-a6df-a9821f544187
10:30:08.576 INFO [BomUploadProcessingTask] Processed 1215 components uploaded to project fea6f545-c45c-43d1-a6df-a9821f544187
10:30:08.580 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
java.lang.NullPointerException: null
        at org.datanucleus.state.StateManagerImpl.transitionReadField(StateManagerImpl.java:1047)
        at org.datanucleus.state.StateManagerImpl.isLoaded(StateManagerImpl.java:4091)
        at org.dependencytrack.model.Component.dnGetpurl(Component.java)
        at org.dependencytrack.model.Component.getPurl(Component.java:355)
        at org.dependencytrack.tasks.VulnerabilityAnalysisTask.inform(VulnerabilityAnalysisTask.java:61)
        at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:97)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)