[Snyk] Upgrade @cyclonedx/cyclonedx-npm from 3.0.0 to 4.0.0 #424
Snyk has created this PR to upgrade @cyclonedx/cyclonedx-npm from 3.0.0 to 4.0.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released 24 days ago.
Release notes
Package name: @cyclonedx/cyclonedx-npm

4.0.0 - 2025-06-23

BREAKING Changes
- SBOM results might have slightly changed (via #1307)

Fixed
- External dependency edge-cases are now properly nested (via #1307)

Changed
- SBOM result's bom-ref is prefixed with parent-component's one to ensure uniqueness (via #1307)
- Uses only trusted data from npm-ls internally (via #1307)
  No changes in data quality are expected.

What's Changed
- tests: fix flat prepared tests by @jkowalleck in #1308
- feat: prefer trusted data, fix external deps edge-cases by @jkowalleck in #1307
- chore(deps-dev): bump jest from 30.0.0 to 30.0.2 in the jest group by @dependabot in #1309

Full Changelog: v3.1.0...v4.0.0

3.1.0 - 2025-06-16

Changed
- Utilizes license file gatherer of @cyclonedx/cyclonedx-library, previously used own implementation (via #1303)

Runtime Dependencies
- Raised @cyclonedx/cyclonedx-library@^8.4.0, was @^8.0.0 (via #1301, #1303)
- Raised commander@^14.0.0, was @^13.1.0 (via #1297)

What's Changed
- chore(deps-dev): bump npm-run-all2 from 7.0.2 to 8.0.1 by @dependabot in #1294
- chore: add workflow permissions by @jkowalleck in #1298
- chore(deps): bump commander from 13.1.0 to 14.0.0 by @dependabot in #1297
- ci: use node24 by @jkowalleck in #1299
- feat: gather more info for bundled dependencies by @jkowalleck in #1301
- feat: use CDX-library's license evidence gathering by @jkowalleck in #1303
- chore(deps-dev): bump jest from 29.7.0 to 30.0.0 in the jest group by @dependabot in #1305

Full Changelog: v3.0.0...v3.1.0

3.0.1-alpha.0 - 2025-05-26

3.0.1-alpha.0
Signed-off-by: jkowalleck <[email protected]>

3.0.0 - 2025-04-08

BREAKING Changes
- Dropped support for node<20.18.0 (#1192 via #1273)
- Dropped support for npm<9 (#1274 via #1273, #1277)

Added
- CLI switch -o as shorthand for --output-file (#1282 via #1288)
- CLI switch --of as shorthand for --output-format (#1282 via #1288)
- CLI switch --sv as shorthand for --spec-version (#1282 via #1288)

Fixed
- License gathering correctly ignores symlinks and directories (#1290 via #1291)

Runtime Dependencies
- Raised @cyclonedx/cyclonedx-library@^8.0.0, was @^7.0.0 (via #1281)
- Raised commander@^13.1.0, was @^10.0.0 (via #1281, #1288)
- Raised normalize-package-data@^7.0.0, was @^3||^4||^5||^6 (via #1281)

Build
- Use TypeScript v5.8.3 now, was v5.7.3 (via #1267, #1289)

What's Changed
- remove node < 20.18 & remove npm < 8.7 by @jkowalleck in #1273
- feat!: drop support for npm<9 by @jkowalleck in #1277
- chore(deps): use npm-run-all2@^7 by @jkowalleck in #1276
- refactors by @jkowalleck in #1278
- chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 in the typescript group by @dependabot in #1267
- deps: bunp runtime 20250330 by @jkowalleck in #1281
- refactor: tune pipes by @jkowalleck in #1280
- chore: slight refactor and coverage with c8 by @jkowalleck in #1285
- chore: cs-fixer own tool by @jkowalleck in #1284
- feat: CLI shorthands by @jkowalleck in #1288
- fix: folder "LICENSES" causes crashes when gathering licenses by @jkowalleck in #1291
- chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 in the typescript group by @dependabot in #1289

Full Changelog: v2.1.0...v3.0.0

from @cyclonedx/cyclonedx-npm GitHub release notes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.