Skip to content

Releases: CycloneDX/cyclonedx-maven-plugin

2.9.0

08 Oct 05:05
Compare
Choose a tag to compare

🎉 Major features and improvements

🔧 Build

2.8.2

25 Sep 20:12
Compare
Choose a tag to compare

🐛 Bug Fixes

📦 Dependency updates

  • Bump plugin-tools.version from 3.13.1 to 3.15.0 (#551) @dependabot
  • Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.1 to 3.7.0 (#552) @dependabot
  • Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (#546) @dependabot
  • Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 (#537) @dependabot

2.8.1

03 Aug 23:03
Compare
Choose a tag to compare

🚀 New features and improvements

📦 Dependency updates

  • upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0 (#536) @hboutemy
  • Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1 (#532) @dependabot
  • Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 (#535) @dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 (#533) @dependabot
  • Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (#527) @dependabot
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#528) @dependabot
  • Bump plugin-tools.version from 3.13.0 to 3.13.1 (#519) @dependabot
  • Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.1 (#525) @dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 (#511) @dependabot
  • Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#512) @dependabot
  • Bump actions/checkout from 4.1.6 to 4.1.7 (#515) @dependabot
  • Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 (#509) @dependabot
  • Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (#508) @dependabot
  • Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (#507) @dependabot
  • Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.1 (#503) @dependabot
  • Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#501) @dependabot
  • Bump plugin-tools.version from 3.12.0 to 3.13.0 (#499) @dependabot
  • Bump actions/checkout from 4.1.5 to 4.1.6 (#502) @dependabot
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 (#488) @dependabot
  • Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.1 (#482) @dependabot
  • Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 (#490) @dependabot
  • Bump actions/checkout from 4.1.2 to 4.1.5 (#496) @dependabot
  • Bump plugin-tools.version from 3.11.0 to 3.12.0 (#484) @dependabot

2.8.0

23 Mar 12:39
Compare
Choose a tag to compare

🚀 New features and improvements

🐛 Bug Fixes

  • check if configured schemaVersion is supported (#479) @hboutemy

📦 Dependency updates

  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 (#478) @dependabot
  • Bump actions/checkout from 4.1.1 to 4.1.2 (#474) @dependabot
  • Bump org.apache.commons:commons-compress from 1.24.0 to 1.26.0 in /src/it/makeAggregateBom/util (#468) @dependabot
  • Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#465) @dependabot
  • Bump release-drafter/release-drafter from 5 to 6 (#464) @dependabot
  • Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (#466) @dependabot

2.7.11

16 Jan 08:07
Compare
Choose a tag to compare

🚀 New features and improvements

📦 Dependency updates

  • define plugin-tools.version property (#453) @hboutemy
  • Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.2 to 3.11.0 (#451) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.2 to 3.11.0 (#450) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.2 to 3.11.0 (#449) @dependabot
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 (#447) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.1 to 3.10.2 (#445) @dependabot
  • Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 (#442) @dependabot
  • Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#443) @dependabot
  • Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.1 to 3.10.2 (#444) @dependabot
  • Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#422) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.1 to 3.10.2 (#424) @dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 (#438) @dependabot
  • Bump actions/setup-java from 3 to 4 (#437) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.9.0 to 3.10.1 (#417) @dependabot

2.7.10

30 Oct 00:46
Compare
Choose a tag to compare

🚀 New features and improvements

  • Extended documentation by pointing out the allowed project types (#383) @r4fterman
  • [409] Removes non-deployed artifacts from SBOM (#416) @ppkarwasz
  • Addressing issue #388. Checking if URL is null, empty, or blank (usin… (#396) @mtgag
  • replace maven.reproducible property with cdx:reproducible (#392) @hboutemy
  • upgrade cyclonedx-maven-plugin to 2.7.9 to produce Reproducible SBOM (#368) @hboutemy

🐛 Bug Fixes

📦 Dependency updates

  • Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.8.2 to 3.10.1 (#413) @dependabot
  • Bump org.apache.maven.plugins:maven-plugin-plugin from 3.9.0 to 3.10.1 (#412) @dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 (#404) @dependabot
  • Bump actions/checkout from 4.1.0 to 4.1.1 (#408) @dependabot
  • Bump commons-codec from 1.15 to 1.16.0 (#377) @dependabot
  • Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#385) @dependabot
  • Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#386) @dependabot
  • Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 (#399) @dependabot
  • Bump org.apache.commons:commons-compress from 1.22 to 1.24.0 in /src/it/makeAggregateBom/util (#400) @dependabot
  • Bump actions/checkout from 3.5.3 to 4.1.0 (#401) @dependabot
  • Bump org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.4 in /src/test/resources/bundle (#402) @dependabot
  • Bump actions/checkout from 3.5.2 to 3.5.3 (#370) @dependabot
  • Bump maven-release-plugin from 3.0.0 to 3.0.1 (#369) @dependabot
  • Bump maven-source-plugin from 3.2.1 to 3.3.0 (#366) @dependabot
  • Bump maven-plugin-plugin from 3.8.2 to 3.9.0 (#363) @dependabot

2.7.9

16 May 19:03
Compare
Choose a tag to compare

🚀 New features and improvements

  • Add a test to ensure we handle relocations, closes #289 (#360) @knrc
  • Add support for maven optionality, fixes #314 (#356) @knrc
  • Remove extra dependency collection through Mojo annotation, fixes #354 (#355) @knrc
  • support Reproducible SBOM: drop UUID and timestamp when RB mode enabled (#353) @hboutemy

🐛 Bug Fixes

📦 Dependency updates

2.7.8

25 Apr 19:50
Compare
Choose a tag to compare

🐛 Bug Fixes

  • Remove code generating resolved PURLs, fixes performance issue #311 (#345) @knrc

📦 Dependency updates

2.7.7

17 Apr 22:45
Compare
Choose a tag to compare

🐛 Bug Fixes

  • simplify external references addition (#341) @hboutemy
  • use metadata properties instead of tool name (#340) @hboutemy
  • Fix issue #263, handling ci-friendly properties in the parent references (#334) @knrc
  • Fix performance issue for aggregates, fixes #324 (#333) @knrc

📦 Dependency updates

2.7.6

03 Apr 07:44
Compare
Choose a tag to compare

🚀 New features and improvements

  • feat: expose the outputDirectory configuration parameter as a property (#321) @goldmann
  • streamline plugin output (#304) @hboutemy
  • add included Maven dependency scopes to tool description in SBOM (#300) @hboutemy

🐛 Bug Fixes

  • Fixes #307, addresses cyclic dependencies created by self references (#308) @knrc
  • Fixes #284, Switch to aether and filter artifacts based on individual… (#302) @knrc
  • schema version 1.1 requires components cleanup from dependencies (#293) @hboutemy

📦 Dependency updates