Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

check if configured schemaVersion is supported #479

Merged
merged 1 commit into from
Mar 20, 2024

Conversation

hboutemy
Copy link
Contributor

fixes #469

in case of unsupported schemaVersion, warns and uses latest supported:

[INFO] --- cyclonedx-maven-plugin:2.8.0-SNAPSHOT:makeBom (default) @ issue-280 ---
[WARNING] Invalid schemaVersion configured '1.5.1', using 1.5
[INFO] CycloneDX: Resolving Dependencies
[INFO] CycloneDX: Creating BOM version 1.5 with 0 component(s)

@hboutemy hboutemy added the bug label Mar 20, 2024
@hboutemy hboutemy self-assigned this Mar 20, 2024
fixes #469

Signed-off-by: Hervé Boutemy <hboutemy@apache.org>
@hboutemy hboutemy force-pushed the effective-schema-version branch from 730be34 to 7c4e627 Compare March 20, 2024 11:20
@hboutemy hboutemy merged commit 343c62d into master Mar 20, 2024
5 checks passed
@hboutemy hboutemy deleted the effective-schema-version branch March 20, 2024 20:41
dongjoon-hyun pushed a commit to apache/spark that referenced this pull request Apr 16, 2024
### What changes were proposed in this pull request?

### Why are the changes needed?
- `exec-maven-plugin` from `3.1.0` to `3.2.0`
https://github.com/mojohaus/exec-maven-plugin/releases/tag/3.2.0
https://github.com/mojohaus/exec-maven-plugin/releases/tag/3.1.1
Bug Fixes:
1.Fix mojohaus/exec-maven-plugin#158 - Fix non ascii character handling (mojohaus/exec-maven-plugin#372)
2.[mojohaus/exec-maven-plugin#323] exec arguments missing (mojohaus/exec-maven-plugin#324)

- `build-helper-maven-plugin` from `3.4.0` to `3.5.0`
https://github.com/mojohaus/build-helper-maven-plugin/releases/tag/3.5.0

- `maven-compiler-plugin` from `3.12.1` to `3.13.0`
https://github.com/apache/maven-compiler-plugin/releases/tag/maven-compiler-plugin-3.13.0

- `maven-jar-plugin` from `3.3.0` to `3.4.0`
https://github.com/apache/maven-jar-plugin/releases/tag/maven-jar-plugin-3.4.0
[[MJAR-62]](https://issues.apache.org/jira/browse/MJAR-62) - Set Build-Jdk according to used toolchain (apache/maven-jar-plugin#73)

- `maven-source-plugin` from `3.3.0` to `3.3.1`
https://github.com/apache/maven-source-plugin/releases/tag/maven-source-plugin-3.3.1

- `maven-assembly-plugin` from `3.6.0` to `3.7.1`
https://github.com/apache/maven-assembly-plugin/releases/tag/maven-assembly-plugin-3.7.1
https://github.com/apache/maven-assembly-plugin/releases/tag/maven-assembly-plugin-3.7.0
Bug Fixes:
1.[[MASSEMBLY-967](https://issues.apache.org/jira/browse/MASSEMBLY-967)] - maven-assembly-plugin doesn't add target/class artifacts in generated jarfat but META-INF/MANIFEST.MF seems to be correct
2.[[MASSEMBLY-994](https://issues.apache.org/jira/browse/MASSEMBLY-994)] - Items from unpacked dependency are not refreshed
3.[[MASSEMBLY-998](https://issues.apache.org/jira/browse/MASSEMBLY-998)] - Transitive dependencies are not properly excluded as of 3.1.1
4.[[MASSEMBLY-1008](https://issues.apache.org/jira/browse/MASSEMBLY-1008)] - Assembly plugin handles scopes wrongly
5.[[MASSEMBLY-1020](https://issues.apache.org/jira/browse/MASSEMBLY-1020)] - Cannot invoke "java.io.File.isFile()" because "this.inputFile" is null
6.[[MASSEMBLY-1021](https://issues.apache.org/jira/browse/MASSEMBLY-1021)] - Nullpointer in assembly:single when upgrading to 3.7.0
7.[[MASSEMBLY-1022](https://issues.apache.org/jira/browse/MASSEMBLY-1022)] - Unresolved artifacts should be not processed

- `cyclonedx-maven-plugin` from `2.7.9` to `2.8.0`
https://github.com/CycloneDX/cyclonedx-maven-plugin/releases/tag/cyclonedx-maven-plugin-2.8.0
https://github.com/CycloneDX/cyclonedx-maven-plugin/releases/tag/cyclonedx-maven-plugin-2.7.11
https://github.com/CycloneDX/cyclonedx-maven-plugin/releases/tag/cyclonedx-maven-plugin-2.7.10
Bug Fixes:
1.check if configured schemaVersion is supported (CycloneDX/cyclonedx-maven-plugin#479)
2.ignore bomGenerator.generate() call (CycloneDX/cyclonedx-maven-plugin#376)

### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
Pass GA.

### Was this patch authored or co-authored using generative AI tooling?
No.

Closes #46043 from panbingkun/update_maven_plugins.

Authored-by: panbingkun <panbingkun@baidu.com>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

cyclonedx-maven-plugin 2.7.11 generates SBOM 1.4 when configuring 1.5 schemaVersion
1 participant