dependabot npm(deps-dev): bump @cyclonedx/cyclonedx-npm from 1.19.3 to 2.0.0
Bumps @cyclonedx/cyclonedx-npm from 1.19.3 to 2.0.0.
Release notes
Sourced from @cyclonedx/cyclonedx-npm's releases.
2.0.0
BREAKING Changes
- CLI option --spec-version defaults to 1.6, was 1.4 (#1173 via #1258)
- Emit $.metadata.tools as components (#1233 via #1235)
  This affects only CycloneDX spec-version 1.5 and later.
- Emitted .purl values might be partially url-encoded (via #1235)
  This is caused by changes on underlying 3rd-party dependency packageurl-js.
- Create dir for output file if not exists (#1241 via #1242)
  This is only a breaking change if you relied on non-existent result paths to cause errors.
Misc
- Raised dependency @cyclonedx/cyclonedx-library@^7.0.0, was @^6.11.0 (via #1235)
#1173: CycloneDX/cyclonedx-node-npm#1173 #1233: CycloneDX/cyclonedx-node-npm#1233 #1235: CycloneDX/cyclonedx-node-npm#1235 #1241: CycloneDX/cyclonedx-node-npm#1241 #1242: CycloneDX/cyclonedx-node-npm#1242 #1258: CycloneDX/cyclonedx-node-npm#1258
What's Changed
- refactor: move versionCompare to internal helpers by @jkowalleck in CycloneDX/cyclonedx-node-npm#1256
- refactor: rename properties to cdx by @jkowalleck in CycloneDX/cyclonedx-node-npm#1257
- feat: create dir for output file by @cuhland in CycloneDX/cyclonedx-node-npm#1242
- feat: tools as components by @jkowalleck in CycloneDX/cyclonedx-node-npm#1235
- feat!: CLI option spec-version defaults to 1.6 by @jkowalleck in CycloneDX/cyclonedx-node-npm#1258
Full Changelog: https://github.com/CycloneDX/cyclonedx-node-npm/compare/v1.20.0...v2.0.0
1.20.0
Added
- Official support for npm@11 (#1245 via #1249)
- Capability to gather license text evidences (#256 via #1243)
  This feature can be controlled via CLI switch --gather-license-texts.
  This feature is experimental. This feature is disabled per default.
Dependencies
- No longer directly depend on packageurl-js (via #1237)
Build
#256: CycloneDX/cyclonedx-node-npm#256 #1209: CycloneDX/cyclonedx-node-npm#1209 #1218: CycloneDX/cyclonedx-node-npm#1218 #1237: CycloneDX/cyclonedx-node-npm#1237 #1243: CycloneDX/cyclonedx-node-npm#1243 #1245: CycloneDX/cyclonedx-node-npm#1245 #1249: CycloneDX/cyclonedx-node-npm#1249
... (truncated)
Changelog
Sourced from @cyclonedx/cyclonedx-npm's changelog.
2.0.0 - 2025-01-27
- BREAKING Changes
  - CLI option --spec-version defaults to 1.6, was 1.4 (#1173 via #1258)
  - Emit $.metadata.tools as components (#1233 via #1235)
    This affects only CycloneDX spec-version 1.5 and later.
  - Emitted .purl values might be partially url-encoded (via #1235)
    This is caused by changes on underlying 3rd-party dependency packageurl-js.
  - Create dir for output file if not exists (#1241 via #1242)
    This is only a breaking change if you relied on non-existent result paths to cause errors.
- Misc
  - Raised dependency @cyclonedx/cyclonedx-library@^7.0.0, was @^6.11.0 (via #1235)
#1173: CycloneDX/cyclonedx-node-npm#1173 #1233: CycloneDX/cyclonedx-node-npm#1233 #1235: CycloneDX/cyclonedx-node-npm#1235 #1241: CycloneDX/cyclonedx-node-npm#1241 #1242: CycloneDX/cyclonedx-node-npm#1242 #1258: CycloneDX/cyclonedx-node-npm#1258
1.20.0 - 2025-01-13
- Added
- Dependencies
  - No longer directly depend on packageurl-js (via #1237)
- Build
#256: CycloneDX/cyclonedx-node-npm#256 #1209: CycloneDX/cyclonedx-node-npm#1209 #1218: CycloneDX/cyclonedx-node-npm#1218 #1237: CycloneDX/cyclonedx-node-npm#1237 #1243: CycloneDX/cyclonedx-node-npm#1243 #1245: CycloneDX/cyclonedx-node-npm#1245 #1249: CycloneDX/cyclonedx-node-npm#1249 #1255: CycloneDX/cyclonedx-node-npm#1255
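A consumer-side check for two of the 2.0.0 breaking changes listed above (the new --spec-version default and $.metadata.tools emitted as components), added here as an illustration and not taken from this PR or from the CycloneDX project. The helper names listTools and checkSpecVersion and both sample BOM fragments are constructed for this example.

```javascript
// Constructed SBOM fragments (not output captured from the tool).
const legacyBom = {            // tools as a flat array, as in spec-version 1.4
  bomFormat: 'CycloneDX', specVersion: '1.4',
  metadata: { tools: [{ vendor: '@cyclonedx', name: 'cyclonedx-npm', version: '1.19.3' }] }
};
const currentBom = {           // tools as components, spec-version 1.5 and later
  bomFormat: 'CycloneDX', specVersion: '1.6',
  metadata: { tools: { components: [
    { type: 'application', group: '@cyclonedx', name: 'cyclonedx-npm', version: '2.0.0' }
  ] } }
};

// Hypothetical helper: return the generating tools as uniform records,
// whichever of the two $.metadata.tools shapes the BOM uses.
function listTools(bom) {
  const tools = bom && bom.metadata ? bom.metadata.tools : undefined;
  if (tools === undefined || tools === null) return [];
  if (Array.isArray(tools)) {
    // Legacy shape: each entry carries vendor/name/version.
    return tools.map(t => ({ vendor: t.vendor || '', name: t.name || '', version: t.version || '' }));
  }
  if (typeof tools === 'object') {
    // Newer shape: tools are listed as components (and optionally services).
    const entries = [...(tools.components || []), ...(tools.services || [])];
    return entries.map(c => ({ vendor: c.group || '', name: c.name || '', version: c.version || '' }));
  }
  throw new TypeError('unrecognised $.metadata.tools shape');
}

// Hypothetical helper: flag spec-version drift, e.g. a pipeline that never
// passed --spec-version and silently moved from 1.4 to 1.6 after the upgrade.
function checkSpecVersion(bom, expected) {
  return bom.specVersion === expected
    ? { ok: true }
    : { ok: false, reason: `specVersion is ${bom.specVersion}, pipeline expects ${expected}` };
}

console.log(listTools(legacyBom), listTools(currentBom));
console.log(checkSpecVersion(currentBom, '1.4'));
```

Pipelines that must keep producing 1.4 documents can pass --spec-version explicitly instead of relying on the default.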