Public
  1. Public

arrow

Public

Commits

dependabot[bot]GitHub
51d50d75001
dependabot[bot] authored and GitHub committed 5996f51631b
MINOR: [Java] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 in /java (#43562)

Bumps [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/releases">org.cyclonedx:cyclonedx-maven-plugin's releases</a>.</em></p>
<blockquote>
<h2>2.8.1</h2>

<h2>🚀 New features and improvements</h2>
<ul>
<li>replace CDX 1.5 deprecated tool (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/517">#517</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>make classifier used to attach the sbom configurable (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/506">#506</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
</ul>
<h2>📦 Dependency updates</h2>
<ul>
<li>upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/536">#536</a>) <a href="https://github.com/hboutemy"><code>@​hboutemy</code></a></li>
<li>Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/532">#532</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/535">#535</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/533">#533</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/527">#527</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/528">#528</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump plugin-tools.version from 3.13.0 to 3.13.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/519">#519</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/525">#525</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/511">#511</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/512">#512</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/515">#515</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/509">#509</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/508">#508</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/507">#507</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/503">#503</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/501">#501</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump plugin-tools.version from 3.12.0 to 3.13.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/499">#499</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 4.1.5 to 4.1.6 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/502">#502</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/488">#488</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/482">#482</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/490">#490</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 4.1.2 to 4.1.5 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/496">#496</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
<li>Bump plugin-tools.version from 3.11.0 to 3.12.0 (<a href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/484">#484</a>) <a href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/2de88e577e53307c2db434310353472d28a5256d"><code>2de88e5</code></a> [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.8.1</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/1510a024da3f6a0d2557dd85ce4a06abf0e167c3"><code>1510a02</code></a> upgrade cyclonedx-maven-plugin from 2.7.9 to 2.8.0</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/448d117b78c59bebe308c647442830be26122299"><code>448d117</code></a> Bump net.javacrumbs.json-unit:json-unit-assertj from 2.38.0 to 2.40.1</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/cfcf26b5936d2765083bdb7bf3a908597dc3a431"><code>cfcf26b</code></a> Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/f95fe874423b548a72e54a795a0ae409d4d00dcb"><code>f95fe87</code></a> Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/4ee61c3d970f10b78762a591f9cdc7fc1578b26c"><code>4ee61c3</code></a> Bump org.junit:junit-bom from 5.10.2 to 5.10.3</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/8eb5316725f9e8867f500a0c8ab6fd7e94b92769"><code>8eb5316</code></a> Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/4c77122a533aa8d2bbb1a485befb5d44f1a760a4"><code>4c77122</code></a> replace CDX 1.5 deprecated tool</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/7f34a10c7acf748deff675994b17d5e7f1a00745"><code>7f34a10</code></a> Bump plugin-tools.version from 3.13.0 to 3.13.1</li>
<li><a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/ab713bb39628b51af102f79bd7eab14a17ff4254"><code>ab713bb</code></a> Bump org.apache.maven.plugins:maven-project-info-reports-plugin</li>
<li>Additional commits viewable in <a href="https://github.com/CycloneDX/cyclonedx-maven-plugin/compare/cyclonedx-maven-plugin-2.8.0...cyclonedx-maven-plugin-2.8.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.cyclonedx:cyclonedx-maven-plugin&package-manager=maven&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@ dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@ dependabot rebase` will rebase this PR
- `@ dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@ dependabot merge` will merge this PR after your CI passes on it
- `@ dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@ dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@ dependabot reopen` will reopen this PR if it is closed
- `@ dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@ dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@ dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dane Pitkin <dpitkin@apache.org>