Home Original page

build(deps): bump the npm-dependencies group across 1 directory with 12 updates by dependabot[bot] · Pull Request #395 · guacsec/trustify-da-javascript-client

Bumps the npm-dependencies group with 12 updates in the / directory:

Package From To
@cyclonedx/cyclonedx-library 6.13.1 9.4.1
fast-xml-parser 5.3.4 5.4.1
packageurl-js 1.0.2 2.0.1
@trustify-da/trustify-da-api-model 2.0.3 2.0.7
@types/node 20.19.31 25.3.2
chai 4.5.0 6.2.2
eslint 8.57.1 10.0.2
mocha 10.8.2 11.7.5
msw 2.12.7 2.12.10
sinon 15.2.0 21.0.1
sinon-chai 3.7.0 4.0.1
which 5.0.0 6.0.1

Updates @cyclonedx/cyclonedx-library from 6.13.1 to 9.4.1

Release notes

Sourced from @​cyclonedx/cyclonedx-library's releases.

9.4.1

Fixed

  • Type declarations for deprecated symbols support usage as types (#1350 via #1351)

Refactor

  • Deprecated symbols turned from re-exports into re-declares (via #1351)
    Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

What's Changed

Full Changelog: CycloneDX/cyclonedx-javascript-library@v9.4.0...v9.4.1

9.4.0

Added

  • New entry points for /Contrib and known submodules (via #1343)
    See package.json::exports for details.

Changes

  • Moved non‑standard implementations to Contrib area (#1344 via #1343)

Deprecated

  • Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
    Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.

Refactor

  • The following symbols were moved. (#1344 via #1343)
    The symbols are still import-able through their old location.
    • OLD -> NEW
    • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
    • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
    • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
    • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
    • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
    • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
    • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
    • Utils.BomUtility -> Contrib.Bom.Utils
    • Utils.LicenseUtility -> Contrib.License.Utils
    • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils

Style

  • Applied latest code style (via #1341)

Build

  • Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343

... (truncated)

Changelog

Sourced from @​cyclonedx/cyclonedx-library's changelog.

9.4.1 -- 2025-12-04

  • Fixed
    • Type declarations for deprecated symbols support usage as types (#1350 via #1351)
  • Refactor
    • Deprecated symbols turned from re-exports into re-declares (via #1351)
      Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

9.4.0 -- 2025-12-02

  • Added
    • New entry points for /Contrib and known submodules (via #1343)
      See package.json::exports for details.
  • Changes
    • Moved non‑standard implementations to Contrib area (#1344 via #1343)
  • Deprecated
    • Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
      Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.
  • Refactor
    • The following symbols were moved. (#1344 via #1343)
      The symbols are still import-able through their old location.
      • OLD -> NEW
      • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
      • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
      • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
      • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
      • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
      • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
      • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
      • Utils.BomUtility -> Contrib.Bom.Utils
      • Utils.LicenseUtility -> Contrib.License.Utils
      • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils
  • Style
    • Applied latest code style (via #1341)
  • Build
    • Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343 #1344: CycloneDX/cyclonedx-javascript-library#1344

9.2.0 -- 2025-10-22

... (truncated)

Commits

Updates fast-xml-parser from 5.3.4 to 5.4.1

Release notes

Sourced from fast-xml-parser's releases.

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

To

import  XMLBuilder  from "fast-xml-builder";

XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

CJS typing fix

What's Changed

New Contributors

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7

Entity security and performance

  • Improve security and performance of entity processing
    • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
    • fast return when no edtity is present
    • improvement replacement logic to reduce number of calls

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.5...v5.3.6

v5.3.5

What's Changed

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.4.1 / 2026-02-25

  • fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

  • migrate to fast-xml-builder

5.3.9 / 2026-02-25

  • support strictReservedNames

5.3.8 / 2026-02-25

  • support maxNestedTags
  • handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
  • save use of js properies

5.3.7 / 2026-02-20

5.3.6 / 2026-02-14

  • Improve security and performance of entity processing
    • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
    • fast return when no edtity is present
    • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

  • fix: Escape regex char in entity name
  • update strnum to 2.1.2
  • add missing exports in CJS typings

5.3.4 / 2026-01-30

  • fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

  • fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

  • fix for import statement for v6

5.3.1 / 2025-11-03

5.3.0 / 2025-10-03

... (truncated)

Commits
  • 4e7ca80 update release info
  • 36023b4 fix (#785) unpairedTag node should not have tag content
  • b366026 separate builder
  • 6f333a8 update release info
  • c3ffbab support strictReservedNames
  • c692040 update release info
  • 107e34c avoid {} to create an empty object
  • 60835a4 support maxNestedTags
  • f55657c avoid direct call to hasOwnProperty
  • c13a961 handle non-array input for XML builder when preserveOrder is true
  • Additional commits viewable in compare view

Updates packageurl-js from 1.0.2 to 2.0.1

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

  • Fix decoding problems around the % character #75 (fix contributed by @​jdalton)

2.0.0

  • Significant refactor based on code from @​jdalton
  • Numerous bug fixes and improvements the community was asking for
    • See closed issues and PRs for details (too many to list here)

1.2.1

Bug Fixes

1.2.0

Features

  • Add pub parsing for Dart and Flutter packages (contributed by @​topaztee)

1.1.1

Bug Fix

  • publish errors

1.1.0

Features

Commits
  • cd1eb4b chore: bump to v2.0.1 (#77)
  • f7dccd6 fix: error on decode with meaningful message
  • 07b818b fix: only decode in parseString
  • c2f576f bump to v2.0.0 (#74)
  • b5660a5 Merge pull request #73 from package-url/jdalton/sync
  • 400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
  • b6c8ce8 fix: correct package-url.d.ts readonly type casing
  • 96822af fix: correct param name typos
  • f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
  • ff590d2 feat: encode qualifiers with URLSearchParams
  • Additional commits viewable in compare view

Updates @trustify-da/trustify-da-api-model from 2.0.3 to 2.0.7

Release notes

Sourced from @​trustify-da/trustify-da-api-model's releases.

Release 2.0.7

What's Changed

Full Changelog: guacsec/trustify-da-api-spec@v2.0.5...v2.0.7

Release 2.0.5

What's Changed

New Contributors

Full Changelog: guacsec/trustify-da-api-spec@v2.0.2...v2.0.5

v2.0.4

What's Changed

New Contributors

Full Changelog: guacsec/trustify-da-api-spec@v2.0.2...v2.0.4

Commits
  • 07b74de build(release): release version 2.0.7
  • 92e04bc Merge pull request #102 from guacsec/release/v2.0.5
  • 92185f6 Merge branch 'main' into release/v2.0.5
  • c0e5cc6 Merge pull request #103 from ruromero/fix/publish-release
  • c4999e2 fix: version bump missing update-sources
  • f54c1c8 build(release): bump to next development version
  • 1d981c7 build(release): release version 2.0.5
  • 817898b Merge pull request #101 from ruromero/fix/release-version
  • f62a400 fix: avoid creating unnecessary backup pom
  • d08c39e fix: invalid version bump and body generation
  • Additional commits viewable in compare view

Updates @types/node from 20.19.31 to 25.3.2

Commits

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits
  • 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
  • b38c22b chore: add legal-comments=none option (#1756)
  • 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
  • 678cd00 chore(deps): update dependencies (#1755)
  • c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
  • d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
  • 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
  • d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
  • 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
  • b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.

Updates eslint from 8.57.1 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

  • 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

  • 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
  • 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
  • 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

  • 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
  • 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

  • c87d5bd fix: update eslint (#20531) (renovate[bot])
  • d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
  • 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
  • 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

  • 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
  • 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
  • b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

  • e5c281f chore: updates for v9.39.3 release (Jenkins)
  • 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
  • 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
  • 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
  • da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
  • 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

  • f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
  • a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
  • c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
  • fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
  • 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
  • 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
  • ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
  • 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
  • c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
  • 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
  • a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
  • a89059d feat!: Program range span entire source text (#20133) (Pixel998)
  • 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
  • f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits
  • 55122d6 10.0.2
  • 80f1e29 Build: changelog update for 10.0.2
  • 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
  • 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
  • 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
  • 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
  • 98cbf6b docs: update migration guide per Program range change (#20534)
  • 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
  • 0bd5497 10.0.1
  • ddb80ef Build: changelog update for 10.0.1
  • Additional commits viewable in compare view

Updates mocha from 10.8.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

  • migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

  • use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

  • run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
  • setup release-please ...

    Description has been truncated