update from @CycloneDX/cyclonedx-node-yarn project

[jkowalleck]

Question

see

leshan/.jenkins/weekly.jenkins

Lines 43 to 45 in 2a1a8af

	// Generate SBOM for yarn with trivy
	// Ideally we would like to use a specific integrated tools like : https://github.com/CycloneDX/cyclonedx-node-yarn
	// But project is not really active and is searching for contributor : https://github.com/CycloneDX/cyclonedx-node-yarn/issues/12

Just wanted to let you know, that the @CycloneDX/cyclonedx-node-yarn project was backed, and is actively maintained for a while, now.
Please let us know if you find any issues :D

[sbernard31]

@jkowalleck thx for letting me know that 🙏

I decided to test it some weeks ago but I was stopped quickly because cyclonedx-node-yarn does not support yarn 1.x. ( >v3 is required). I understand that you maybe don't want to target a so old version of yarn. (so I didn't provide you any feedback about that)

On our side, this is maybe not so easy to migrate from yarn classic (v1) to modern yarn (v3 or v4) : #1550

[sbernard31]

As we already have an issue (#1550) to track that, so I think we can close this.
For completeness I added a comment to that issue : #1550 (comment)