Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency @cyclonedx/yarn-plugin-cyclonedx to v2 #9262

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency @cyclonedx/yarn-plugin-cyclonedx to v2 #9262

wants to merge 1 commit into from
+6 −6

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 7, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@cyclonedx/yarn-plugin-cyclonedx ^1.0.0-rc.7 -> ^2.0.0 age adoption passing confidence

Release Notes

CycloneDX/cyclonedx-node-yarn (@​cyclonedx/yarn-plugin-cyclonedx)

v2.0.0

Compare Source

  • BREAKING Changes
    • CLI option --spec-version defaults to 1.6, was 1.5 (#​222 via #​251)
    • Emit $.metadata.tools as components (#​221 via #​254)
      This affects only CycloneDX spec-version 1.5 and later.
    • Emitted .purl values might be partially url-encoded (via #​254)
      This is caused by changes on underlying 3rd-party dependency packageurl-js.
    • Create dir for output file if not exists (#​253 via #​255)
      This is only a breaking change if you relied on non-existent result paths to cause errors.
  • Dependencies

Configuration

📅 Schedule: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 7, 2025
@vercel Vercel
Copy link

vercel bot commented Feb 7, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments
Name Status Preview Comments Updated (UTC)
unleash-docs ⬜️ Ignored (Inspect) Visit Preview Feb 25, 2025 6:05am
unleash-monorepo-frontend ⬜️ Ignored (Inspect) Visit Preview Feb 25, 2025 6:05am

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 7, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@cyclonedx/yarn-plugin-cyclonedx ^2.0.0 UnknownUnknown
npm/@cyclonedx/yarn-plugin-cyclonedx 2.0.0 UnknownUnknown

Scanned Files

  • package.json
  • yarn.lock

@renovate renovate bot force-pushed the renovate/cyclonedx-yarn-plugin-cyclonedx-2.x branch from bca76fb to 68a9804 Compare February 20, 2025 02:05
@renovate renovate bot force-pushed the renovate/cyclonedx-yarn-plugin-cyclonedx-2.x branch from 68a9804 to 10f9f0f Compare February 21, 2025 11:12
@renovate renovate bot force-pushed the renovate/cyclonedx-yarn-plugin-cyclonedx-2.x branch from 10f9f0f to f207b89 Compare February 25, 2025 05:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
Issues and PRs
Status: Bots
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants