Releases: CycloneDX/cyclonedx-maven-plugin
Releases · CycloneDX/cyclonedx-maven-plugin
2.9.0
🎉 Major features and improvements
- Support 1.6 spec (#556) @thesurlydev
🔧 Build
- run mvn verify in CI instead of package (#560) @hboutemy
- Avoid resources filtering warning (#543) @Bananeweizen
- fix site issues created by upgrades #553 and #552 (#559) @hboutemy
- Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0 (#553) @dependabot
- Bump actions/checkout from 4.1.7 to 4.2.0 (#555) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.1 (#558) @dependabot
Contributors
thesurlydev, hboutemy, and 2 other contributors
Assets 2
2.8.2
🐛 Bug Fixes
📦 Dependency updates
- Bump plugin-tools.version from 3.13.1 to 3.15.0 (#551) @dependabot
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.1 to 3.7.0 (#552) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (#546) @dependabot
- Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 (#537) @dependabot
Contributors
hboutemy and dependabot
Assets 2
2.8.1
🚀 New features and improvements
- replace CDX 1.5 deprecated tool (#517) @hboutemy
- make classifier used to attach the sbom configurable (#506) @hboutemy
📦 Dependency updates
- upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0 (#536) @hboutemy
- Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1 (#532) @dependabot
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 (#535) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 (#533) @dependabot
- Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (#527) @dependabot
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#528) @dependabot
- Bump plugin-tools.version from 3.13.0 to 3.13.1 (#519) @dependabot
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.1 (#525) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 (#511) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#512) @dependabot
- Bump actions/checkout from 4.1.6 to 4.1.7 (#515) @dependabot
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 (#509) @dependabot
- Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (#508) @dependabot
- Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (#507) @dependabot
- Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.1 (#503) @dependabot
- Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#501) @dependabot
- Bump plugin-tools.version from 3.12.0 to 3.13.0 (#499) @dependabot
- Bump actions/checkout from 4.1.5 to 4.1.6 (#502) @dependabot
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 (#488) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.1 (#482) @dependabot
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 (#490) @dependabot
- Bump actions/checkout from 4.1.2 to 4.1.5 (#496) @dependabot
- Bump plugin-tools.version from 3.11.0 to 3.12.0 (#484) @dependabot
Contributors
hboutemy and dependabot
Assets 2
2.8.0
🚀 New features and improvements
- convert external reference type by value instead of CONSTANT_NAME (#480) @hboutemy
- distribution-intake external reference is more accurate (#477) @hboutemy
- add 'build' lifecycle when CDX 1.5 (#462) @hboutemy
- document SBOM external references (#459) @hboutemy
- improve site generation (#458) @hboutemy
- upgrade to CycloneDX 1.5 (#457) @hboutemy
🐛 Bug Fixes
📦 Dependency updates
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 (#478) @dependabot
- Bump actions/checkout from 4.1.1 to 4.1.2 (#474) @dependabot
- Bump org.apache.commons:commons-compress from 1.24.0 to 1.26.0 in /src/it/makeAggregateBom/util (#468) @dependabot
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#465) @dependabot
- Bump release-drafter/release-drafter from 5 to 6 (#464) @dependabot
- Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (#466) @dependabot
Contributors
hboutemy, msymons, and dependabot
Assets 2
2.7.11
🚀 New features and improvements
- rename convert methohds to explicit project vs dependency (#456) @hboutemy
- cleanup unused code (#455) @hboutemy
- test dependency type=zip for #431 (reverts #9) (#454) @hboutemy
- Support metadata when dependency is any other dependency type than jar (#431) @AlbGarciam
- Add support for custom external references (#428) @vy
- Add a configuration option to skip undeployed artifacts (#435) @ppkarwasz
- use metadata properties in UUID (#441) @hboutemy
- Generate serial numbers deterministically (#420) (#425) @vy
📦 Dependency updates
- define plugin-tools.version property (#453) @hboutemy
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.2 to 3.11.0 (#451) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.2 to 3.11.0 (#450) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.2 to 3.11.0 (#449) @dependabot
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 (#447) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.1 to 3.10.2 (#445) @dependabot
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 (#442) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#443) @dependabot
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.1 to 3.10.2 (#444) @dependabot
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#422) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.1 to 3.10.2 (#424) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 (#438) @dependabot
- Bump actions/setup-java from 3 to 4 (#437) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.9.0 to 3.10.1 (#417) @dependabot
Contributors
vy, hboutemy, and 3 other contributors
Assets 2
2.7.10
🚀 New features and improvements
- Extended documentation by pointing out the allowed project types (#383) @r4fterman
- [409] Removes non-deployed artifacts from SBOM (#416) @ppkarwasz
- Addressing issue #388. Checking if URL is null, empty, or blank (usin… (#396) @mtgag
- replace maven.reproducible property with cdx:reproducible (#392) @hboutemy
- upgrade cyclonedx-maven-plugin to 2.7.9 to produce Reproducible SBOM (#368) @hboutemy
🐛 Bug Fixes
- ignore bomGenerator.generate() call (#376) @seanly
- switch to m-plugin-report-p introduced in 3.9.0 (#381) @hboutemy
📦 Dependency updates
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.8.2 to 3.10.1 (#413) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.9.0 to 3.10.1 (#412) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 (#404) @dependabot
- Bump actions/checkout from 4.1.0 to 4.1.1 (#408) @dependabot
- Bump commons-codec from 1.15 to 1.16.0 (#377) @dependabot
- Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#385) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#386) @dependabot
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 (#399) @dependabot
- Bump org.apache.commons:commons-compress from 1.22 to 1.24.0 in /src/it/makeAggregateBom/util (#400) @dependabot
- Bump actions/checkout from 3.5.3 to 4.1.0 (#401) @dependabot
- Bump org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.4 in /src/test/resources/bundle (#402) @dependabot
- Bump actions/checkout from 3.5.2 to 3.5.3 (#370) @dependabot
- Bump maven-release-plugin from 3.0.0 to 3.0.1 (#369) @dependabot
- Bump maven-source-plugin from 3.2.1 to 3.3.0 (#366) @dependabot
- Bump maven-plugin-plugin from 3.8.2 to 3.9.0 (#363) @dependabot
Contributors
seanly, hboutemy, and 4 other contributors
Assets 2
2.7.9
🚀 New features and improvements
- Add a test to ensure we handle relocations, closes #289 (#360) @knrc
- Add support for maven optionality, fixes #314 (#356) @knrc
- Remove extra dependency collection through Mojo annotation, fixes #354 (#355) @knrc
- support Reproducible SBOM: drop UUID and timestamp when RB mode enabled (#353) @hboutemy
🐛 Bug Fixes
- Fix makeAggregateBom failed: Unknown constant pool type 17 (#358) @garydgregory
📦 Dependency updates
- Bump maven-gpg-plugin from 3.0.1 to 3.1.0 (#359) @dependabot
- Bump junit-bom from 5.9.2 to 5.9.3 (#349) @dependabot
Contributors
hboutemy, knrc, and 2 other contributors
Assets 2
2.7.8
🐛 Bug Fixes
📦 Dependency updates
- upgrade cyclonedx-maven-plugin (#348) @hboutemy
- Bump maven-plugin-plugin from 3.7.1 to 3.8.2 (#346) @dependabot
- Bump maven-plugin-annotations from 3.7.1 to 3.8.2 (#347) @dependabot
Contributors
hboutemy, knrc, and dependabot
Assets 2
2.7.7
🐛 Bug Fixes
- simplify external references addition (#341) @hboutemy
- use metadata properties instead of tool name (#340) @hboutemy
- Fix issue #263, handling ci-friendly properties in the parent references (#334) @knrc
- Fix performance issue for aggregates, fixes #324 (#333) @knrc
📦 Dependency updates
- upgrade maven-dependency-analyzer/asm (#342) @hboutemy
- Bump actions/checkout from 3.5.1 to 3.5.2 (#338) @dependabot
- Bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (#327) @dependabot
- Bump maven-invoker-plugin from 3.5.0 to 3.5.1 (#323) @dependabot
- Bump actions/checkout from 3.5.0 to 3.5.1 (#337) @dependabot
Contributors
hboutemy, knrc, and dependabot
Assets 2
2.7.6
- improve documentation on Maven dependency scopes (not CycloneDX scopes) (#309) @hboutemy
- extract dependencies conversion from Mojo to component (#301) @hboutemy
- clean pom, upgrade compiler plugin, use release (#299) @hboutemy
- add a test for Maven parent dependencies in reactor (#298) @hboutemy
- extract dependency analysis code that infers scope (#294) @hboutemy
- Fix typo in README (#285) @nielsbasjes
🚀 New features and improvements
- feat: expose the outputDirectory configuration parameter as a property (#321) @goldmann
- streamline plugin output (#304) @hboutemy
- add included Maven dependency scopes to tool description in SBOM (#300) @hboutemy
🐛 Bug Fixes
- Fixes #307, addresses cyclic dependencies created by self references (#308) @knrc
- Fixes #284, Switch to aether and filter artifacts based on individual… (#302) @knrc
- schema version 1.1 requires components cleanup from dependencies (#293) @hboutemy
📦 Dependency updates
- Bump maven-release-plugin from 3.0.0-M7 to 3.0.0 (#316) @dependabot
- Bump actions/checkout from 3.3.0 to 3.5.0 (#320) @dependabot
- Bump cyclonedx-core-java from 7.3.1 to 7.3.2 (#297) @dependabot
Contributors
goldmann, hboutemy, and 3 other contributors