Skip to content

chore(deps): update dependency @cyclonedx/cyclonedx-npm to v4.2.0#548

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/cyclonedx-cyclonedx-npm-4.x
Open

chore(deps): update dependency @cyclonedx/cyclonedx-npm to v4.2.0#548
renovate[bot] wants to merge 1 commit intomainfrom
renovate/cyclonedx-cyclonedx-npm-4.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 8, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@cyclonedx/cyclonedx-npm devDependencies minor 4.0.34.2.0 OpenSSF Scorecard

Release Notes

CycloneDX/cyclonedx-node-npm (@​cyclonedx/cyclonedx-npm)

v4.2.0

Compare Source

  • Fixed
  • Changed
    • Take care of PackageURL generation ourselves, now (via #​1416)
      Previously, this was done at best-effort by a 3rd-party library.
  • Dependencies
    • Bumped dependency @cyclonedx/cyclonedx-library@^10.0.0 now, was @^8.4.0||^9.0.0 (via #​1416)
    • Added dependency packageurl-js@^2.0.1 (via #​1416)
    • Added dependency spdx-expression-parse@^3.0.1||^4.0.0 (via #​1416)

v4.1.2

Compare Source

  • Runtime Dependencies
    • Support runtime-dependency xmlbuilder2@​^3.0.2||^4.0.3, was @^3.0.2 (#​1392 via #​1390)
  • Style
    • Applied latest code standards (via #​1388)

v4.1.1

Compare Source

  • Fixed
    • Create output dir properly if needed (via #​1377)

v4.1.0

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@coderabbitai
Copy link

coderabbitai bot commented Dec 8, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added Ehrenamt-Justiz: Frontend Frontend of Ehrenamt-Jusitz Ehrenamt-Justiz: Online Online of Ehrenamt-Justiz labels Dec 8, 2025
@renovate renovate bot force-pushed the renovate/cyclonedx-cyclonedx-npm-4.x branch 4 times, most recently from 0b4cff6 to 70fe6aa Compare December 8, 2025 16:45
@renovate renovate bot changed the title chore(deps): update dependency @cyclonedx/cyclonedx-npm to v4.1.1 chore(deps): update dependency @cyclonedx/cyclonedx-npm to v4.1.2 Dec 8, 2025
@renovate renovate bot force-pushed the renovate/cyclonedx-cyclonedx-npm-4.x branch 12 times, most recently from 489a3a8 to 7529e14 Compare December 15, 2025 08:54
@renovate renovate bot force-pushed the renovate/cyclonedx-cyclonedx-npm-4.x branch 9 times, most recently from e274755 to 01a6d0e Compare January 5, 2026 22:42
@renovate renovate bot force-pushed the renovate/cyclonedx-cyclonedx-npm-4.x branch 15 times, most recently from c19df86 to 7526981 Compare February 9, 2026 13:58
@renovate renovate bot force-pushed the renovate/cyclonedx-cyclonedx-npm-4.x branch 14 times, most recently from 541498e to da3d10f Compare February 20, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Ehrenamt-Justiz: Frontend Frontend of Ehrenamt-Jusitz Ehrenamt-Justiz: Online Online of Ehrenamt-Justiz Type: Dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants