dependabot npm(deps-dev): bump @cyclonedx/cyclonedx-npm from 1.19.3 to 2.0.0

Bumps @cyclonedx/cyclonedx-npm from 1.19.3 to 2.0.0.

Release notes

Sourced from @cyclonedx/cyclonedx-npm's releases.

2.0.0

BREAKING Changes

  • CLI option --spec-version defaults to 1.6, was 1.4 (#1173 via #1258)
  • Emit $.metadata.tools as components (#1233 via #1235)
    This affects only CycloneDX spec-version 1.5 and later.
  • Emitted .purl values might be partially url-encoded (via #1235)
    This is caused by changes on underlying 3rd-party dependency packageurl-js.
  • Create dir for output file if not exists (#1241 via #1242)
    This is only a breaking change if you relied on non-existent result paths to cause errors.

Misc

  • Raised dependency @cyclonedx/cyclonedx-library@^7.0.0, was @^6.11.0 (via #1235)

#1173: CycloneDX/cyclonedx-node-npm#1173
#1233: CycloneDX/cyclonedx-node-npm#1233
#1235: CycloneDX/cyclonedx-node-npm#1235
#1241: CycloneDX/cyclonedx-node-npm#1241
#1242: CycloneDX/cyclonedx-node-npm#1242
#1258: CycloneDX/cyclonedx-node-npm#1258


What's Changed

Full Changelog: https://github.com/CycloneDX/cyclonedx-node-npm/compare/v1.20.0...v2.0.0

1.20.0

Added

  • Official support for npm@11 (#1245 via #1249)
  • Capability to gather license text evidences (#256 via #1243)
    This feature can be controlled via CLI switch --gather-license-texts.
    This feature is experimental. This feature is disabled per default.

Dependencies

  • No longer directly depend on packageurl-js (via #1237)

Build

#256: CycloneDX/cyclonedx-node-npm#256
#1209: CycloneDX/cyclonedx-node-npm#1209
#1218: CycloneDX/cyclonedx-node-npm#1218
#1237: CycloneDX/cyclonedx-node-npm#1237
#1243: CycloneDX/cyclonedx-node-npm#1243
#1245: CycloneDX/cyclonedx-node-npm#1245
#1249: CycloneDX/cyclonedx-node-npm#1249

... (truncated)

Changelog

Sourced from @cyclonedx/cyclonedx-npm's changelog.

2.0.0 - 2025-01-27

  • BREAKING Changes
    • CLI option --spec-version defaults to 1.6, was 1.4 (#1173 via #1258)
    • Emit $.metadata.tools as components (#1233 via #1235)
      This affects only CycloneDX spec-version 1.5 and later.
    • Emitted .purl values might be partially url-encoded (via #1235)
      This is caused by changes on underlying 3rd-party dependency packageurl-js.
    • Create dir for output file if not exists (#1241 via #1242)
      This is only a breaking change if you relied on non-existent result paths to cause errors.
  • Misc
    • Raised dependency @cyclonedx/cyclonedx-library@^7.0.0, was @^6.11.0 (via #1235)

#1173: CycloneDX/cyclonedx-node-npm#1173
#1233: CycloneDX/cyclonedx-node-npm#1233
#1235: CycloneDX/cyclonedx-node-npm#1235
#1241: CycloneDX/cyclonedx-node-npm#1241
#1242: CycloneDX/cyclonedx-node-npm#1242
#1258: CycloneDX/cyclonedx-node-npm#1258

1.20.0 - 2025-01-13

  • Added
    • Official support for npm@11 (#1245 via #1249)
    • Capability to gather license text evidences (#256 via #1243)
      This feature can be controlled via CLI switch --gather-license-texts.
      This feature is experimental. This feature is disabled per default.
  • Dependencies
    • No longer directly depend on packageurl-js (via #1237)
  • Build

#256: CycloneDX/cyclonedx-node-npm#256
#1209: CycloneDX/cyclonedx-node-npm#1209
#1218: CycloneDX/cyclonedx-node-npm#1218
#1237: CycloneDX/cyclonedx-node-npm#1237
#1243: CycloneDX/cyclonedx-node-npm#1243
#1245: CycloneDX/cyclonedx-node-npm#1245
#1249: CycloneDX/cyclonedx-node-npm#1249
#1255: CycloneDX/cyclonedx-node-npm#1255

Commits
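
Two of the breaking changes listed for 2.0.0 affect anything that consumes the generated SBOM: the shape of $.metadata.tools and the encoding of .purl values. The following is an added example, not code from cyclonedx-npm or from this merge request, showing a consumer that tolerates both, so an SBOM diff across the bump does not report false changes. The helper names and both BOM fragments are constructed, and the `%40` scope encoding is an assumed instance of a "partially url-encoded" purl.

```javascript
// Tool entries from either metadata.tools shape, reduced to {name, version}.
function listTools(bom) {
  const tools = bom.metadata?.tools;
  if (Array.isArray(tools)) { // legacy shape: plain array of tool objects
    return tools.map(({ name, version }) => ({ name, version }));
  }
  // spec 1.5+ shape: object holding components (and optionally services)
  return [...(tools?.components ?? []), ...(tools?.services ?? [])]
    .map(({ name, version }) => ({ name, version }));
}

// Comparison key for a purl: percent-decode each path segment so that
// "%40scope" and "@scope" match. Use for matching only, never for re-emitting.
function purlKey(purl) {
  const cut = purl.search(/[?#]/); // leave qualifiers and subpath untouched
  const head = cut < 0 ? purl : purl.slice(0, cut);
  const tail = cut < 0 ? '' : purl.slice(cut);
  const decoded = head.split('/').map((seg) => {
    try { return decodeURIComponent(seg); } catch { return seg; } // malformed %xx
  });
  return decoded.join('/') + tail;
}

// purls present in newBom whose key does not appear in oldBom.
function addedPurls(oldBom, newBom) {
  const seen = new Set((oldBom.components ?? [])
    .filter((c) => c.purl).map((c) => purlKey(c.purl)));
  return (newBom.components ?? [])
    .filter((c) => c.purl && !seen.has(purlKey(c.purl)))
    .map((c) => c.purl);
}

// Constructed fragments: one as an older run might emit it, one after the bump.
const oldBom = {
  specVersion: '1.4',
  metadata: { tools: [{ vendor: '@cyclonedx', name: 'cyclonedx-npm', version: '1.19.3' }] },
  components: [{ name: 'core', purl: 'pkg:npm/@example/core@1.0.0' }],
};
const newBom = {
  specVersion: '1.6',
  metadata: { tools: { components: [
    { type: 'application', group: '@cyclonedx', name: 'cyclonedx-npm', version: '2.0.0' },
  ] } },
  components: [
    { name: 'core', purl: 'pkg:npm/%40example/core@1.0.0' }, // same package, encoded scope
    { name: 'left-pad', purl: 'pkg:npm/left-pad@1.3.0' },    // genuinely new
  ],
};

console.log(listTools(oldBom), listTools(newBom), addedPurls(oldBom, newBom));
```

A byte-for-byte purl comparison on these fragments would flag the scoped package as both removed and added; the keyed comparison reports only the new dependency.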
