(arrow) branch main updated: MINOR: [Java] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 in /java (#41210)

Sun, 28 Apr 2024 22:05:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git


The following commit(s) were added to refs/heads/main by this push:
     new ff679790e7 MINOR: [Java] Bump org.cyclonedx:cyclonedx-maven-plugin 
from 2.7.11 to 2.8.0 in /java (#41210)
ff679790e7 is described below

commit ff679790e7a93969a13aa6842e2f70e7d6a208e5
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Apr 29 14:05:04 2024 +0900

    MINOR: [Java] Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 
2.8.0 in /java (#41210)
    
    Bumps 
[org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)
 from 2.7.11 to 2.8.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/releases";>org.cyclonedx:cyclonedx-maven-plugin's
 releases</a>.</em></p>
    <blockquote>
    <h2>2.8.0</h2>
    
    <ul>
    <li>Update CycloneDX Description Text (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/461";>#461</a>)
 <a href="https://github.com/msymons";><code>@​msymons</code></a></li>
    </ul>
    <h2>🚀 New features and improvements</h2>
    <ul>
    <li>convert external reference type by value instead of CONSTANT_NAME (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/480";>#480</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    <li>distribution-intake external reference is more accurate (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/477";>#477</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    <li>add 'build' lifecycle when CDX 1.5 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/462";>#462</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    <li>document SBOM external references (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/459";>#459</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    <li>improve site generation (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/458";>#458</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    <li>upgrade to CycloneDX 1.5 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/457";>#457</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    </ul>
    <h2>🐛 Bug Fixes</h2>
    <ul>
    <li>check if configured schemaVersion is supported (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/479";>#479</a>)
 <a href="https://github.com/hboutemy";><code>@​hboutemy</code></a></li>
    </ul>
    <h2>📦 Dependency updates</h2>
    <ul>
    <li>Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 
3.13.0 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/478";>#478</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    <li>Bump actions/checkout from 4.1.1 to 4.1.2 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/474";>#474</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    <li>Bump org.apache.commons:commons-compress from 1.24.0 to 1.26.0 in 
/src/it/makeAggregateBom/util (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/468";>#468</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    <li>Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/465";>#465</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    <li>Bump release-drafter/release-drafter from 5 to 6 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/464";>#464</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    <li>Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (<a 
href="https://redirect.github.com/CycloneDX/cyclonedx-maven-plugin/pull/466";>#466</a>)
 <a href="https://github.com/dependabot";><code>@​dependabot</code></a></li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/90e38178a7480b10b0f225cf6c2bc2f26b5a6eab";><code>90e3817</code></a>
 [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.8.0</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/eed838e3a76712054ff8eeeb0af04c64a7d0bd26";><code>eed838e</code></a>
 convert external reference type by value instead of default CONSTANT_NAME</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/3fd83bf3fef57fb5569cff378637b903ca39bf45";><code>3fd83bf</code></a>
 Bump org.apache.maven.plugins:maven-compiler-plugin</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/343c62dfe4a8bd983c1c77e06d37b8f285f09dbb";><code>343c62d</code></a>
 check if configured schemaVersion is supported</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/d0015429ef13f79503bb6d17e3b66f59a1b408a2";><code>d001542</code></a>
 distribution-intake external reference is more accurate</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/fa5541d39a58d6f09ec3b7a9a2ad1b8d7682bb18";><code>fa5541d</code></a>
 Bump actions/checkout from 4.1.1 to 4.1.2</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/a43cd056f3d6f319ff6e3de83cb62ebd9b2e29ec";><code>a43cd05</code></a>
 Bump org.apache.commons:commons-compress</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/31ff1f46643f888f91a27f02d9e82828f9b5590d";><code>31ff1f4</code></a>
 Bump org.junit:junit-bom from 5.10.1 to 5.10.2</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/ce8a6e70afbf2c7307f9a4a449ce8f4c80e03dc2";><code>ce8a6e7</code></a>
 Bump release-drafter/release-drafter from 5 to 6</li>
    <li><a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/commit/16dcb5b62fefe642cd29360141c512fd1ddcf2c0";><code>16dcb5b</code></a>
 Bump commons-codec:commons-codec from 1.16.0 to 1.16.1</li>
    <li>Additional commits viewable in <a 
href="https://github.com/CycloneDX/cyclonedx-maven-plugin/compare/cyclonedx-maven-plugin-2.7.11...cyclonedx-maven-plugin-2.8.0";>compare
 view</a></li>
    </ul>
    </details>
    <br />
    
    [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.cyclonedx:cyclonedx-maven-plugin&package-manager=maven&previous-version=2.7.11&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting `@ 
dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@ dependabot rebase` will rebase this PR
    - `@ dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
    - `@ dependabot merge` will merge this PR after your CI passes on it
    - `@ dependabot squash and merge` will squash and merge this PR after your 
CI passes on it
    - `@ dependabot cancel merge` will cancel a previously requested merge and 
block automerging
    - `@ dependabot reopen` will reopen this PR if it is closed
    - `@ dependabot close` will close this PR and stop Dependabot recreating 
it. You can achieve the same result by closing it manually
    - `@ dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
    - `@ dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
    - `@ dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
    - `@ dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
    
    </details>
    
    Authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
    Signed-off-by: David Li <[email protected]>
---
 java/maven/pom.xml | 2 +-
 java/pom.xml       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/maven/pom.xml b/java/maven/pom.xml
index 4314192eda..558532012a 100644
--- a/java/maven/pom.xml
+++ b/java/maven/pom.xml
@@ -65,7 +65,7 @@
         <plugin>
           <groupId>org.cyclonedx</groupId>
           <artifactId>cyclonedx-maven-plugin</artifactId>
-          <version>2.7.11</version>
+          <version>2.8.0</version>
         </plugin>
       </plugins>
     </pluginManagement>
diff --git a/java/pom.xml b/java/pom.xml
index 39fd1e00b6..f3639858d7 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -519,7 +519,7 @@
         <plugin>
           <groupId>org.cyclonedx</groupId>
           <artifactId>cyclonedx-maven-plugin</artifactId>
-          <version>2.7.11</version>
+          <version>2.8.0</version>
         </plugin>
         <plugin>
           <groupId>org.apache.drill.tools</groupId>

Reply via email to