-
-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8.6.0 version started requiring new major Node version #1333
Comments
This is an interesting bug. It appears like these old versions do not use a lock file, so they are not reproducible. https://www.npmjs.com/package/@cyclonedx/cdxgen/v/8.6.0?activeTab=code In general, we can only support the current major version. You can try using our container image which is immutable. |
I have pushed 8.6.3 with some fixes (and test failures). Hopefully it works. We seriously do not have the funding, bandwidth, time, etc to maintain v8, when the current version is v10 and v11 is due later this year. |
Hey @prabhu , we're getting now
when installing cdxgen 8.6.3 :( |
@heubeck can you not use v9 or above, since you have node 18? What exactly is the barrier to upgrade to v10? |
Oh dear. Looks like npmjs is assuming the last release to be the latest. Can you explicitly specify the version number while I investigate this |
We are using version 8.6.0 of cdxgen in our Jenkins pipelines for node projects, where the build environment is a Docker container with the required Node.js version
node:<project_version>
.Since yesterday (first known reported issue, might have started happening earlier in the month) we noticed this log in our
node:16.19.0
projects:which leads to a generation issue:
A previous pipeline run log from the 8th of August, 2024, does not report the EBADENGINE warnings when installing
@cyclonedx/[email protected]
, and the SBOM generation proceeds without issues.I have been able to reproduce the issue in a brand new docker container:
I would therefore like to know if there is any cdxgen version that currently supports Node 16 (and possibly Node 14), or any workaround to the reported issue in version 8.6.0.
From the GitHub Page associated to this project, I could only see Node 20 referenced as a minimum runtime environment for your latest version, which we are currently unable to support in our legacy projects.
If necessary, we are able to upgrade/downgrade the cdxgen version.
Thank you!
The text was updated successfully, but these errors were encountered: