π New features and improvements
- Extended documentation by pointing out the allowed project types (#383) @r4fterman
- [409] Removes non-deployed artifacts from SBOM (#416) @ppkarwasz
- Addressing issue #388. Checking if URL is null, empty, or blank (usin⦠(#396) @mtgag
- replace maven.reproducible property with cdx:reproducible (#392) @hboutemy
- upgrade cyclonedx-maven-plugin to 2.7.9 to produce Reproducible SBOM (#368) @hboutemy
π Bug Fixes
- ignore bomGenerator.generate() call (#376) @seanly
- switch to m-plugin-report-p introduced in 3.9.0 (#381) @hboutemy
π¦ Dependency updates
- Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.8.2 to 3.10.1 (#413) @dependabot
- Bump org.apache.maven.plugins:maven-plugin-plugin from 3.9.0 to 3.10.1 (#412) @dependabot
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 (#404) @dependabot
- Bump actions/checkout from 4.1.0 to 4.1.1 (#408) @dependabot
- Bump commons-codec from 1.15 to 1.16.0 (#377) @dependabot
- Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#385) @dependabot
- Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#386) @dependabot
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 (#399) @dependabot
- Bump org.apache.commons:commons-compress from 1.22 to 1.24.0 in /src/it/makeAggregateBom/util (#400) @dependabot
- Bump actions/checkout from 3.5.3 to 4.1.0 (#401) @dependabot
- Bump org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.4 in /src/test/resources/bundle (#402) @dependabot
- Bump actions/checkout from 3.5.2 to 3.5.3 (#370) @dependabot
- Bump maven-release-plugin from 3.0.0 to 3.0.1 (#369) @dependabot
- Bump maven-source-plugin from 3.2.1 to 3.3.0 (#366) @dependabot
- Bump maven-plugin-plugin from 3.8.2 to 3.9.0 (#363) @dependabot