Skip to content

build(deps-dev): bump dependency-cruiser from 16.10.4 to 17.0.0 #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 27, 2025
Merged

build(deps-dev): bump dependency-cruiser from 16.10.4 to 17.0.0 #299

merged 1 commit into from
Jul 27, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 27, 2025

Bumps dependency-cruiser from 16.10.4 to 17.0.0.

Release notes

Sourced from dependency-cruiser's releases.

v17.0.0

🚨 breaking

  • a20a11ca chore!: drops support for node 18, 21 and 23 BREAKING (#1004)

... so still supported are node ^20(.12), ^22 and >=24 and this will remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year and 7 months. However, dropping node versions is inevitable as dependencies we use did this as well, and we want to keep up to date for obvious reasons. We also believe that most of dependency-cruiser's users have migrated away from node 18 (21, 23) a long time ago, given the release dates of their successors (april 2023, 2024 and 2025 respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

🧑‍🏭 maintenance

  • 684e1230 refactor!: replaces picocolors with native node:util/styleText (#1002)

♻️ life cycle management

  • a2cfc917/ 3f258c13 build(npm): updates external dependencies
Commits
  • 3a6af7d 17.0.0
  • a2cfc91 build(npm): updates external dependencies
  • 684e123 refactor!: replaces picocolors with node:util/styleText (#1002)
  • a20a11c chore!: drops support for node 18, 21 and 23 BREAKING (#1004)
  • 3f258c1 build(npm): updates external dependencies
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump dependency-cruiser from 16.10.4 to 17.0.0
d67e363 
Bumps [dependency-cruiser](https://github.com/sverweij/dependency-cruiser) from 16.10.4 to 17.0.0.
- [Release notes](https://github.com/sverweij/dependency-cruiser/releases)
- [Changelog](https://github.com/sverweij/dependency-cruiser/blob/main/CHANGELOG.md)
- [Commits](sverweij/dependency-cruiser@v16.10.4...v17.0.0)

---
updated-dependencies:
- dependency-name: dependency-cruiser
  dependency-version: 17.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file security Security labels Jul 27, 2025
@dependabot dependabot bot requested a review from pethers as a code owner July 27, 2025 14:13
@dependabot dependabot bot added dependencies Pull requests that update a dependency file security Security labels Jul 27, 2025
@github-actions github-actions bot added infrastructure and removed security Security labels Jul 27, 2025
@github-actions GitHub Actions
Copy link

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/commander 14.0.0 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 9Found 11/12 approved changesets -- score normalized to 9
Maintained🟢 1011 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
npm/dependency-cruiser 17.0.0 🟢 7.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1022 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging🟢 10packaging workflow detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/dependency-cruiser ^17.0.0 🟢 7.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1022 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging🟢 10packaging workflow detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Files

  • package-lock.json
  • package.json

@pethers pethers merged commit a8f7863 into main Jul 27, 2025
9 checks passed
@pethers pethers deleted the dependabot/npm_and_yarn/dependency-cruiser-17.0.0 branch July 27, 2025 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pethers pethers Awaiting requested review from pethers pethers is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file infrastructure
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pethers