Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump cyclonedx-npm package for npm10 support #750

Merged
merged 1 commit into from
Feb 26, 2024
Merged

chore: bump cyclonedx-npm package for npm10 support #750

merged 1 commit into from
Feb 26, 2024

Conversation

setchy
Copy link
Contributor

@setchy setchy commented Feb 26, 2024
edited
Loading

Description

Update @cyclonedx/cyclonedx-npm package so remove npm engine warning

Addressed Issue

When building with npm10, the following warning is displayed

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@cyclonedx/[email protected]',
npm WARN EBADENGINE   required: { node: '>=14', npm: '6 - 9' },
npm WARN EBADENGINE   current: { node: 'v20.11.1', npm: '10.4.0' }
npm WARN EBADENGINE }

Additional Details

Checklist

@setchy
Copy link
Contributor Author

setchy commented Feb 26, 2024

I couldn't see an existing Dependabot PR covering this 🤷

@setchy setchy force-pushed the chore/cyclonedx-npm-bump branch from afebaa5 to 19c4fc0 Compare February 26, 2024 19:11
@nscuro nscuro added this to the 4.11 milestone Feb 26, 2024
nscuro
nscuro approved these changes Feb 26, 2024
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Not sure what's up with Dependabot, just recently I had to bump loads of dependencies by hand in the Java code base... DependencyTrack/dependency-track#3487

@nscuro nscuro merged commit fe884d8 into DependencyTrack:master Feb 26, 2024
9 checks passed
@setchy
Copy link
Contributor Author

setchy commented Feb 27, 2024

Thanks!

Not sure what's up with Dependabot, just recently I had to bump loads of dependencies by hand in the Java code base... DependencyTrack/dependency-track#3487

Unfortunately, that's consistent with my experience using Dependabot. It seems to be too passive and refrains from raising PR. It also lacks transparency over what is pending.

I'm far more familiar with Renovate Bot and find it way more intuitive to use, particularly it's Dependency Dashboard feature.

@setchy setchy deleted the chore/cyclonedx-npm-bump branch February 27, 2024 03:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nscuro nscuro nscuro approved these changes

Assignees
No one assigned
Labels
technical debt
Projects
None yet
Milestone
4.11
Development

Successfully merging this pull request may close these issues.
2 participants
@setchy @nscuro