Open
Description
Currently, only the Gradle analyzer uses the new dependency graph format introduced in #3502. We should take advantage of the new format for more (ultimately all) package manager implementations.
Package managers that still need to be migrated are unchecked in this list:
- Bazel
- Bower
- Bundler
- Cargo
- Carthage
- CocoaPods
- Composer
- Conan
- GoMod
- Gradle
- GradleInspector
- Maven
- Npm
- NuGet
- Pnpm
- Pip
- Pipenv
- Poetry
- Pub
-
Sbt(not relevant itself, as it uses Maven) - SpdxDocumentFile
- Stack
- SwiftPm
- Yarn
- Yarn2