Open
Description
When running cyclondedx v 2.1.0 on node 22 I get:
[INFO] Running 'npx @cyclonedx/cyclonedx-npm --mc-type library --output-file target/frontend.sbom.json' in /home/led/ws/inca1/vertigo/frontend
[INFO] (node:75084) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
[INFO] (Use `node --trace-deprecation ...` to show where the warning was created)
The issue stems from this library using an outdated third-party dep, this is the dep tree;
├─┬ @cyclonedx/cyclonedx-npm@2.1.0
│ ├─┬ @cyclonedx/cyclonedx-library@7.1.0
│ │ ├─┬ ajv-formats-draft2019@1.6.1 <------ DEPRECATED
│ │ │ ├── ajv@6.12.6 deduped
│ │ │ ├── punycode@2.3.0
│ │ │ ├─┬ schemes@1.4.0
│ │ │ │ └── extend@3.0.2
│ │ │ ├─┬ smtp-address-parser@1.1.0
│ │ │ │ └─┬ nearley@2.20.1
│ │ │ │ ├── commander@2.20.3
│ │ │ │ ├── moo@0.5.2
│ │ │ │ ├── railroad-diagrams@1.0.0
│ │ │ │ └─┬ randexp@0.4.6
│ │ │ │ ├── discontinuous-range@1.0.0
│ │ │ │ └── ret@0.1.15
│ │ │ └─┬ uri-js@4.4.1
│ │ │ └── punycode@2.3.0 deduped
│ │ ├─┬ ajv-formats@3.0.1
│ │ │ └── ajv@8.17.1 deduped
│ │ ├─┬ ajv@8.17.1
│ │ │ ├── fast-deep-equal@3.1.3 deduped
│ │ │ ├── fast-uri@3.0.1
│ │ │ ├── json-schema-traverse@1.0.0
│ │ │ └── require-from-string@2.0.2
│ │ ├─┬ libxmljs2@0.35.0
│ │ │ ├─┬ bindings@1.5.0
https://www.npmjs.com/package/ajv-formats-draft2019 is 4 years old and can be updated.
See also CycloneDX/cyclonedx-webpack-plugin#1348 that was closed