Getting error "log.silly is not a function" while generating dependency tree and got conflicts in peer dependency in scan process
We were running a cdxgen scan to generate SBOM reports for a repository. While scanning, it shows an error in the console logs like "log.silly is not a function" and doesn't create proper SBOM reports in both versions (1.4 & 1.6). In cdxgen version 11.7.0 it is working fine and generating reports properly, but for higher versions (> 11.7.0) it shows the error.
Here is the stack trace:
TypeError: log.silly is not a function
at OverrideSet.findSpecificOverrideSet (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/override-set.js:211:9)
at Node.updateOverridesEdgeInAdded (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1435:40)
at Node.addEdgeIn (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1461:12)
at Edge.reload (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/edge.js:335:18)
at [_reloadNamedEdges] (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1480:12)
at [_reloadNamedEdges] (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1483:27)
at set root (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:666:40)
at new Node (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:235:17)
at #loadNode (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/arborist/load-virtual.js:284:20)
at #resolveNodes (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/arborist/load-virtual.js:197:45)
Unable to parse /home/Demo-Repo/package-lock.json without legacy peer dependencies. Retrying ...
TypeError: log.silly is not a function
at OverrideSet.findSpecificOverrideSet (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/override-set.js:211:9)
at Node.updateOverridesEdgeInAdded (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1435:40)
at Node.addEdgeIn (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1461:12)
at Edge.reload (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/edge.js:335:18)
at [_reloadNamedEdges] (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1480:12)
at [_reloadNamedEdges] (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:1483:27)
at set root (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:666:40)
at new Node (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/node.js:235:17)
at #loadNode (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/arborist/load-virtual.js:284:20)
at #resolveNodes (file:///home/jenkins/.volta/tools/image/packages/@cyclonedx/cdxgen/lib/node_modules/@cyclonedx/cdxgen/lib/third-party/arborist/lib/arborist/load-virtual.js:197:45)
Unable to parse /home/Demo-Repo/package-lock.json in legacy and non-legacy mode. The resulting SBOM would be incomplete.
Please have a look into this.
Can you attach the problematic package-lock.json file? The fix is to remove this line, so please feel free to test and send a pull request.
https://github.com/CycloneDX/cdxgen/blob/3a2ec61c8e925ab20bdbd018480396056c700258/lib/third-party/arborist/lib/override-set.js#L211
Should I remove or comment out the line in all the occurrences where this log.silly function is used in the cdxgen code?
Fixed with #2723