From a421acc56b464c8c33a95ff19776bad7deff1f74 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 13:53:21 +0200
Subject: [PATCH] chore(deps): bump normalize-package-data from 6.0.1 to 6.0.2
(#141)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[normalize-package-data](https://github.com/npm/normalize-package-data)
from 6.0.1 to 6.0.2.
Release notes
Sourced from normalize-package-data's
releases.
v6.0.2
6.0.2
(2024-06-25)
Dependencies
Changelog
Sourced from normalize-package-data's
changelog.
6.0.2
(2024-06-25)
Dependencies
Commits
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=normalize-package-data&package-manager=npm_and_yarn&previous-version=6.0.1&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot]
Signed-off-by: Jan Kowalleck
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jan Kowalleck
---
HISTORY.md | 6 +++++-
package.json | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/HISTORY.md b/HISTORY.md
index bf4197f4..64a7e7bd 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -6,10 +6,14 @@ All notable changes to this project will be documented in this file.
+* Dependencies
+ * Upgraded runtime-dependency `normalize-package-data@6.0.2`, was `@6.0.1` (via [#141])
+ This was done to incorporate non-breaking upstream changes and fixes.
* Build
* Use _TypeScript_ `v5.5.4` now, was `v5.5.3` (via [#160])
* Use _@yarnpkg/builder_ `v4.2.0` now, was `v4.1.1` (via [#164], [#172])
-
+
+[#141]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/141
[#160]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/160
[#164]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/164
[#172]: https://github.com/CycloneDX/cyclonedx-node-yarn/pull/172
diff --git a/package.json b/package.json
index 58529c97..3a5e2736 100644
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
"@yarnpkg/plugin-git": "^3",
"clipanion": "^4.0.0-rc.3",
"hosted-git-info": "7.0.2",
- "normalize-package-data": "6.0.1",
+ "normalize-package-data": "6.0.2",
"packageurl-js": "1.2.1",
"typanion": "^3.14.0",
"xmlbuilder2": "3.1.1"