Releases: CycloneDX/cyclonedx-maven-plugin
2.8.1
🚀 New features and improvements
- replace CDX 1.5 deprecated tool (#517) @hboutemy
- make classifier used to attach the sbom configurable (#506) @hboutemy
📦 Dependency updates
- upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0 (#536) @hboutemy
- Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1 (#532) @dependabot
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 (#535) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 (#533) @dependabot
- Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (#527) @dependabot
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#528) @dependabot
- Bump plugin-tools.version from 3.13.0 to 3.13.1 (#519) @dependabot
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.1 (#525) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 (#511) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#512) @dependabot
- Bump actions/checkout from 4.1.6 to 4.1.7 (#515) @dependabot
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 (#509) @dependabot
- Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (#508) @dependabot
- Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (#507) @dependabot
- Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.1 (#503) @dependabot
- Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#501) @dependabot
- Bump plugin-tools.version from 3.12.0 to 3.13.0 (#499) @dependabot
- Bump actions/checkout from 4.1.5 to 4.1.6 (#502) @dependabot
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 (#488) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.1 (#482) @dependabot
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 (#490) @dependabot
- Bump actions/checkout from 4.1.2 to 4.1.5 (#496) @dependabot
- Bump plugin-tools.version from 3.11.0 to 3.12.0 (#484) @dependabot
2.8.0
🚀 New features and improvements
- convert external reference type by value instead of CONSTANT_NAME (#480) @hboutemy
- distribution-intake external reference is more accurate (#477) @hboutemy
- add 'build' lifecycle when CDX 1.5 (#462) @hboutemy
- document SBOM external references (#459) @hboutemy
- improve site generation (#458) @hboutemy
- upgrade to CycloneDX 1.5 (#457) @hboutemy
📦 Dependency updates
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 (#478) @dependabot
- Bump actions/checkout from 4.1.1 to 4.1.2 (#474) @dependabot
- Bump org.apache.commons:commons-compress from 1.24.0 to 1.26.0 in /src/it/makeAggregateBom/util (#468) @dependabot
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#465) @dependabot
- Bump release-drafter/release-drafter from 5 to 6 (#464) @dependabot
- Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (#466) @dependabot
2.7.11
🚀 New features and improvements
- rename convert methods to explicit project vs dependency (#456) @hboutemy
- cleanup unused code (#455) @hboutemy
- test dependency type=zip for #431 (reverts #9) (#454) @hboutemy
- Support metadata when dependency is any other dependency type than jar (#431) @AlbGarciam
- Add support for custom external references (#428) @vy
- Add a configuration option to skip undeployed artifacts (#435) @ppkarwasz
- use metadata properties in UUID (#441) @hboutemy
- Generate serial numbers deterministically (#420) (#425) @vy
📦 Dependency updates
- define plugin-tools.version property (#453) @hboutemy
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.2 to 3.11.0 (#451) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.2 to 3.11.0 (#450) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.2 to 3.11.0 (#449) @dependabot
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 (#447) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.1 to 3.10.2 (#445) @dependabot
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 (#442) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#443) @dependabot
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.1 to 3.10.2 (#444) @dependabot
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#422) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.1 to 3.10.2 (#424) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 (#438) @dependabot
- Bump actions/setup-java from 3 to 4 (#437) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.9.0 to 3.10.1 (#417) @dependabot
2.7.10
🚀 New features and improvements
- Extended documentation by pointing out the allowed project types (#383) @r4fterman
- [409] Removes non-deployed artifacts from SBOM (#416) @ppkarwasz
- Addressing issue #388. Checking if URL is null, empty, or blank (usin… (#396) @mtgag
- replace maven.reproducible property with cdx:reproducible (#392) @hboutemy
- upgrade cyclonedx-maven-plugin to 2.7.9 to produce Reproducible SBOM (#368) @hboutemy
🐛 Bug Fixes
- ignore bomGenerator.generate() call (#376) @seanly
- switch to m-plugin-report-p introduced in 3.9.0 (#381) @hboutemy
📦 Dependency updates
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.8.2 to 3.10.1 (#413) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.9.0 to 3.10.1 (#412) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 (#404) @dependabot
- Bump actions/checkout from 4.1.0 to 4.1.1 (#408) @dependabot
- Bump commons-codec from 1.15 to 1.16.0 (#377) @dependabot
- Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#385) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#386) @dependabot
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 (#399) @dependabot
- Bump org.apache.commons:commons-compress from 1.22 to 1.24.0 in /src/it/makeAggregateBom/util (#400) @dependabot
- Bump actions/checkout from 3.5.3 to 4.1.0 (#401) @dependabot
- Bump org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.4 in /src/test/resources/bundle (#402) @dependabot
- Bump actions/checkout from 3.5.2 to 3.5.3 (#370) @dependabot
- Bump maven-release-plugin from 3.0.0 to 3.0.1 (#369) @dependabot
- Bump maven-source-plugin from 3.2.1 to 3.3.0 (#366) @dependabot
- Bump maven-plugin-plugin from 3.8.2 to 3.9.0 (#363) @dependabot
2.7.9
🚀 New features and improvements
- Add a test to ensure we handle relocations, closes #289 (#360) @knrc
- Add support for maven optionality, fixes #314 (#356) @knrc
- Remove extra dependency collection through Mojo annotation, fixes #354 (#355) @knrc
- support Reproducible SBOM: drop UUID and timestamp when RB mode enabled (#353) @hboutemy
🐛 Bug Fixes
- Fix makeAggregateBom failed: Unknown constant pool type 17 (#358) @garydgregory
📦 Dependency updates
- Bump maven-gpg-plugin from 3.0.1 to 3.1.0 (#359) @dependabot
- Bump junit-bom from 5.9.2 to 5.9.3 (#349) @dependabot
2.7.8
📦 Dependency updates
- upgrade cyclonedx-maven-plugin (#348) @hboutemy
- Bump maven-plugin-plugin from 3.7.1 to 3.8.2 (#346) @dependabot
- Bump maven-plugin-annotations from 3.7.1 to 3.8.2 (#347) @dependabot
2.7.7
🐛 Bug Fixes
- simplify external references addition (#341) @hboutemy
- use metadata properties instead of tool name (#340) @hboutemy
- Fix issue #263, handling ci-friendly properties in the parent references (#334) @knrc
- Fix performance issue for aggregates, fixes #324 (#333) @knrc
📦 Dependency updates
- upgrade maven-dependency-analyzer/asm (#342) @hboutemy
- Bump actions/checkout from 3.5.1 to 3.5.2 (#338) @dependabot
- Bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (#327) @dependabot
- Bump maven-invoker-plugin from 3.5.0 to 3.5.1 (#323) @dependabot
- Bump actions/checkout from 3.5.0 to 3.5.1 (#337) @dependabot
2.7.6
- improve documentation on Maven dependency scopes (not CycloneDX scopes) (#309) @hboutemy
- extract dependencies conversion from Mojo to component (#301) @hboutemy
- clean pom, upgrade compiler plugin, use release (#299) @hboutemy
- add a test for Maven parent dependencies in reactor (#298) @hboutemy
- extract dependency analysis code that infers scope (#294) @hboutemy
- Fix typo in README (#285) @nielsbasjes
🚀 New features and improvements
- feat: expose the outputDirectory configuration parameter as a property (#321) @goldmann
- streamline plugin output (#304) @hboutemy
- add included Maven dependency scopes to tool description in SBOM (#300) @hboutemy
🐛 Bug Fixes
- Fixes #307, addresses cyclic dependencies created by self references (#308) @knrc
- Fixes #284, Switch to aether and filter artifacts based on individual… (#302) @knrc
- schema version 1.1 requires components cleanup from dependencies (#293) @hboutemy
📦 Dependency updates
- Bump maven-release-plugin from 3.0.0-M7 to 3.0.0 (#316) @dependabot
- Bump actions/checkout from 3.3.0 to 3.5.0 (#320) @dependabot
- Bump cyclonedx-core-java from 7.3.1 to 7.3.2 (#297) @dependabot
2.7.5
- document and test verbose (#280) @hboutemy
- simplify ITs code (#277) @hboutemy
- extract model converter DI component from base mojo (#275) @hboutemy
- move code out of base when possible (#268) @hboutemy
- Simplify code (#267) @hboutemy
- Explicit aggregate dependencies where necessary (#266) @hboutemy
- clarify exclude* parameters (#265) @hboutemy
🚀 New features and improvements
- add effective goal into BOM tool name (#283) @hboutemy
- add outputDirectory parameter (#279) @hboutemy
- Fix dependencies concealed during BOM creation, aligning more closely with the dependency graph (#256) @knrc
- mark makeBom and makeAggregatedBom threadsafe as makePackageBom (#264) @hboutemy
📦 Dependency updates
- Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 (#281) @dependabot
- Bump maven-invoker-plugin from 3.4.0 to 3.5.0 (#282) @dependabot
- Bump maven-enforcer-plugin from 3.1.0 to 3.2.1 (#270) @dependabot
- Bump actions/checkout from 3.2.0 to 3.3.0 (#255) @dependabot
- Bump junit-bom from 5.9.1 to 5.9.2 (#258) @dependabot
- Bump maven-plugin-plugin from 3.7.0 to 3.7.1 (#260) @dependabot
- Bump maven-plugin-annotations from 3.7.0 to 3.7.1 (#261) @dependabot
Full Changelog: cyclonedx-maven-plugin-2.7.4...cyclonedx-maven-plugin-2.7.5
2.7.4
- code cleanup: move parameter to aggregate, simplify code (#249) @hboutemy
- add goals description (#251) @hboutemy
- add release-drafter configuration (#247) @hboutemy
- fix multiple times BOM generation on multi-module makeAggregateBom (#242) @hboutemy
- use project.url for component website instead of organisation url (#241) @hboutemy
- improve README: no execution by default (#243) @hboutemy
- Simplifying effective pom generation (#238) @stevespringett
- Revert "don't use pom.distributionManagement.repository.url for BOM" (#244) @stevespringett
- don't use pom.distributionManagement.repository.url for BOM (#239) @hboutemy
- Add JUnit5 and vintage engine. #227 (#228) @robertk3s
- directly document parameters so it's picked by generated goal documen… (#230) @hboutemy
- add smoke tests for makeBom and makeAggregateBom (#234) @hboutemy
- improve menu and breadcrumbs (#229) @hboutemy
📦 Dependency updates
- Bump maven-plugin-api from 3.8.6 to 3.8.7 (#252) @dependabot
- Bump maven-core from 3.8.6 to 3.8.7 (#253) @dependabot
- Bump maven-invoker-plugin from 3.3.0 to 3.4.0 (#240) @dependabot
- Bump takari-plugin-integration-testing from 3.0.0 to 3.0.1 (#222) @dependabot
- Bump maven-dependency-tree from 3.2.0 to 3.2.1 (#224) @dependabot
- Bump actions/checkout from 3.1.0 to 3.2.0 (#231) @dependabot
- Bump cyclonedx-core-java from 7.2.1 to 7.3.1 (#235) @dependabot
Full Changelog: cyclonedx-maven-plugin-2.7.3...cyclonedx-maven-plugin-2.7.4