Public
  1. Public

arrow

Public

Commits

dependabot[bot]GitHub
f38ae607983
dependabot[bot] authored and GitHub committed 1950f8000fa
MINOR: [Java] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 in /java (#39948)

Bumps [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.10 to 2.7.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/releases">org.cyclonedx:cyclonedx-maven-plugin's releases</a>.</em></p>
<blockquote>
<h2>2.7.11</h2>

<h2>🚀 New features and improvements</h2>
<ul>
<li>rename convert methohds to explicit project vs dependency (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/456">#456</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>cleanup unused code (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/455">#455</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>test dependency type=zip for <a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/431">#431</a> (reverts <a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/9">#9</a>) (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/454">#454</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>Support metadata when dependency is any other dependency type than jar (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/431">#431</a>) <a href="https://github.com/AlbGarciam"><code>@​AlbGarciam</code></a></li>
<li>Add support for custom external references (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/428">#428</a>) <a href="https://github.com/vy"><code>@​vy</code></a></li>
<li>Add a configuration option to skip undeployed artifacts (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/435">#435</a>) <a href="https://github.com/ppkarwasz"><code>@​ppkarwasz</code></a></li>
<li>use metadata properties in UUID (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/441">#441</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>Generate serial numbers deterministically (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/420">#420</a>) (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/425">#425</a>) <a href="https://github.com/vy"><code>@​vy</code></a></li>
</ul>
<h2>📦 Dependency updates</h2>
<ul>
<li>define plugin-tools.version property (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/453">#453</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.2 to 3.11.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/451">#451</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.2 to 3.11.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/450">#450</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.2 to 3.11.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/449">#449</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/447">#447</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.1 to 3.10.2 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/445">#445</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/442">#442</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/443">#443</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.10.1 to 3.10.2 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/444">#444</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/422">#422</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.10.1 to 3.10.2 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/424">#424</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/438">#438</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/setup-java from 3 to 4 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/437">#437</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-plugin-report-plugin from 3.9.0 to 3.10.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/417">#417</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/349fe7cc7fd8b7f2224075b5fe7d73e7f0832140"><code>349fe7c</code></a> [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.7.11</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/2d130a0c194012f8101a7f3b0b80aab47a3f009c"><code>2d130a0</code></a> rename convert methohds to explicit project vs dependency</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/051be8e20605dec7ece3b1fba7833ed9f444bc54"><code>051be8e</code></a> cleanup unused code</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/d0e6cb5f91b29caaeb06fe459590d2c0c514c8fa"><code>d0e6cb5</code></a> test dependency type=zip for <a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/431">#431</a> (reverts <a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/9">#9</a>)</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/46837cdbde2f674fb29a800e61d0a30df0ca6abb"><code>46837cd</code></a> Update DefaultModelConverter.java to support Zip files</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/dc90b21db46e2d92d86d85f54002ac568252f388"><code>dc90b21</code></a> define plugin-tools.version property</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/8836cbd26de1aacc08dc5dac0654cf6750d5b79a"><code>8836cbd</code></a> Add support for custom external references (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/issues/428">#428</a>)</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/86410aa253c2f19a581e624314ab027a9b741440"><code>86410aa</code></a> Bump org.apache.maven.plugin-tools:maven-plugin-annotations</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/4d71b50d5ab0e40355819e5fb7d082422ffff64b"><code>4d71b50</code></a> Bump org.apache.maven.plugins:maven-plugin-report-plugin</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/70aae8e714beea657efe94733a81e6fd5ef0fe93"><code>70aae8e</code></a> Bump org.apache.maven.plugins:maven-plugin-plugin from 3.10.2 to 3.11.0</li>
<li>Additional commits viewable in <a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/compare/cyclonedx-maven-plugin-2.7.10...cyclonedx-maven-plugin-2.7.11">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.cyclonedx:cyclonedx-maven-plugin&package-manager=maven&previous-version=2.7.10&new-version=2.7.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@ dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@ dependabot rebase` will rebase this PR
- `@ dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@ dependabot merge` will merge this PR after your CI passes on it
- `@ dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@ dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@ dependabot reopen` will reopen this PR if it is closed
- `@ dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@ dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@ dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>