Releases · CycloneDX/cyclonedx-gradle-plugin

15 Jan 14:36

cyclonedx-gradle-plugin-2.0.0

bfc23ae

2.0.0 Latest

Latest

CycloneDX Gradle Plugin version 2.0.0 features a comprehensive codebase overhaul for improved structure and maintainability, along with new capabilities such as Gradle Configuration Cache support and enhanced dependency resolution for various artifact types, including AAR, WAR, and ZIP files. This update also addresses critical issues, resolving indefinite loops during dependency resolution, ensuring consistent and accurate outcomes, and eliminating problems related to missing dependencies.

🚀 New Features

New Implementation for CycloneDX Gradle Plugin: Enhanced BOM generation with a new implementation. By @gordonrousselle in #532
Add Git External Reference: Introduced the ability to include Git as an external reference. By @barblin in #520
Retrieve Build-System Metadata: The build system now retrieves metadata directly from the environment. By @jeremylong in #546

🛠️ Improvements & Fixes

Use Lenient Artifact View: Updated artifact handling for improved leniency. By @jeremylong in #539
Fix Component Version in PURL: Ensured correct usage of the configured component version in PURL. By @jeremylong in #542
Avoid Deprecated Tools Section: Removed reliance on deprecated tools sections. By @jeremylong in #544
Improve Documentation: Fixed typos, clarified warnings resolution, and updated Git documentation. By @TheManWhoStaresAtCode, @barblin, and @jeremylong in #504, #543, and #547

🔧 Dependency Updates

Gradle Wrapper updates:
- From 8.10 to 8.12 via multiple PRs by @github-actions (#506, #516, #533, and #559).
Library and action updates by @dependabot:
- CycloneDX Core Java: From 9.0.5 to 10.1.0 (#526, #550, #560)
- Actions: Setup Java, Checkout, Upload Artifact, and Gradle Actions (#507, #518, #556, and more)
- Commons-IO and Commons-Codec libraries (#515, #537, #561)

🧑‍💻 New Contributors

@TheManWhoStaresAtCode made their first contribution in #504
@gordonrousselle made their first contribution in #532
@jeremylong made their first contribution in #539
@barblin made their first contribution in #520

📜 Full Changelog

build(deps): bump org.cyclonedx.bom from 1.9.0 to 1.10.0 by @dependabot in #499
Update Gradle Wrapper from 8.10 to 8.10.1 by @github-actions in #506
build(deps): bump actions/setup-java from 4.2.2 to 4.3.0 by @dependabot in #507
Introduce code formatting constraints by @skhokhlov in #508
build(deps): bump com.gradle.plugin-publish from 1.2.1 to 1.3.0 by @dependabot in #512
build(deps): bump gradle/actions from 4.0.0 to 4.1.0 by @dependabot in #513
Update Gradle Wrapper from 8.10.1 to 8.10.2 by @github-actions in #516
refactor: decouple methods and add debug logging by @skhokhlov in #510
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #518
build(deps): bump gradle-update/update-gradle-wrapper-action from 1.0.20 to 2.0.0 by @dependabot in #514
build(deps): bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #515
build(deps): bump actions/setup-java from 4.3.0 to 4.4.0 by @dependabot in #517
build(deps): bump org.cyclonedx:cyclonedx-core-java from 9.0.5 to 9.1.0 by @dependabot in #526
build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.3 by @dependabot in #524
build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #522
fix typos in README.md by @TheManWhoStaresAtCode in #504
build(deps): bump actions/setup-java from 4.4.0 to 4.5.0 by @dependabot in #531
build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #530
Update Gradle Wrapper from 8.10.2 to 8.11 by @github-actions in #533
build(deps): bump gradle/actions from 4.1.0 to 4.2.0 by @dependabot in #534
Update Gradle Wrapper from 8.11 to 8.11.1 by @github-actions in #538
Feat/new implementation cyclonedx bom by @gordonrousselle in #532
build(deps): bump gradle/actions from 4.2.0 to 4.2.1 by @dependabot in #536
build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 by @dependabot in #537
fix: use lenient artifact view by @jeremylong in #539
fix: use configured componentVersion in PURL by @jeremylong in #542
docs: document parameter to resolve build warnings by @jeremylong in #543
fix: avoid using deprecated tools section by @jeremylong in #544
build: prepare version 2.0.0-alpha-0 by @skhokhlov in #545
feat: add git external reference. by @barblin in #520
docs: fix vcs git docu and some spelling errors by @barblin in #547
build(deps): bump org.cyclonedx:cyclonedx-core-java from 9.1.0 to 10.0.0 by @dependabot in #550
feat: retrieve build-system metadata from build environment by @jeremylong in #546
Version 2.0.0-alpha-1 by @skhokhlov in #552
build(deps): bump org.junit.jupiter:junit-jupiter-engine from 5.11.3 to 5.11.4 by @dependabot in #553
build(deps): bump org.junit.jupiter:junit-jupiter-api from 5.11.3 to 5.11.4 by @dependabot in #554
build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #555
build(deps): bump gradle/actions from 4.2.1 to 4.2.2 by @dependabot in #556
build(deps): bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot in #557
build(deps): bump org.cyclonedx:cyclonedx-core-java from 10.0.0 to 10.1.0 by @dependabot in #560
build(deps): bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #561
build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #564
Update Gradle Wrapper from 8.11.1 to 8.12 by @github-actions in #559
build: prepare release version 2.0.0 by @skhokhlov in #566

cyclonedx-gradle-plugin-1.10.0...cyclonedx-gradle-plugin-2.0.0

Contributors

jeremylong, skhokhlov, and 4 other contributors

Assets 2

16 Dec 12:34

skhokhlov

cyclonedx-gradle-plugin-2.0.0-alpha-1

44ecd3a

2.0.0-alpha-1 Pre-release

Pre-release

What's Changed

feat: add git external reference. by @barblin in #520
docs: fix vcs git docu and some spelling errors by @barblin in #547
build(deps): bump org.cyclonedx:cyclonedx-core-java from 9.1.0 to 10.0.0 by @dependabot in #550
feat: retrieve build-system metadata from build environment by @jeremylong in #546

New Contributors

@barblin made their first contribution in #520

Full Changelog: cyclonedx-gradle-plugin-2.0.0-alpha-0...cyclonedx-gradle-plugin-2.0.0-alpha-1

Contributors

jeremylong, barblin, and dependabot

Assets 2

03 Dec 17:19

skhokhlov

cyclonedx-gradle-plugin-2.0.0-alpha-0

ea6cd10

2.0.0-alpha-0 Pre-release

Pre-release

Features

Support for Gradle configuration cache by @gordonrousselle in #532

Bug Fixes

Fix incorrect dependency resolution #367 by @gordonrousselle in #532
Fix incorrect dependency loop handling #528 by @gordonrousselle in #532
fix: use lenient artifact view by @jeremylong in #539
fix: avoid using deprecated tools section by @jeremylong in #544

Other Changes

build(deps): bump org.cyclonedx.bom from 1.9.0 to 1.10.0 by @dependabot in #499
Update Gradle Wrapper from 8.10 to 8.10.1 by @github-actions in #506
build(deps): bump actions/setup-java from 4.2.2 to 4.3.0 by @dependabot in #507
Introduce code formatting constraints by @skhokhlov in #508
build(deps): bump com.gradle.plugin-publish from 1.2.1 to 1.3.0 by @dependabot in #512
build(deps): bump gradle/actions from 4.0.0 to 4.1.0 by @dependabot in #513
Update Gradle Wrapper from 8.10.1 to 8.10.2 by @github-actions in #516
refactor: decouple methods and add debug logging by @skhokhlov in #510
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #518
build(deps): bump gradle-update/update-gradle-wrapper-action from 1.0.20 to 2.0.0 by @dependabot in #514
build(deps): bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #515
build(deps): bump actions/setup-java from 4.3.0 to 4.4.0 by @dependabot in #517
build(deps): bump org.cyclonedx:cyclonedx-core-java from 9.0.5 to 9.1.0 by @dependabot in #526
build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.3 by @dependabot in #524
build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #522
fix typos in README.md by @TheManWhoStaresAtCode in #504
build(deps): bump actions/setup-java from 4.4.0 to 4.5.0 by @dependabot in #531
build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #530
Update Gradle Wrapper from 8.10.2 to 8.11 by @github-actions in #533
build(deps): bump gradle/actions from 4.1.0 to 4.2.0 by @dependabot in #534
Update Gradle Wrapper from 8.11 to 8.11.1 by @github-actions in #538
Feat/new implementation cyclonedx bom by @gordonrousselle in #532
build(deps): bump gradle/actions from 4.2.0 to 4.2.1 by @dependabot in #536
build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 by @dependabot in #537
fix: use configured componentVersion in PURL by @jeremylong in #542
docs: document parameter to resolve build warnings by @jeremylong in #543

New Contributors

@TheManWhoStaresAtCode made their first contribution in #504
@gordonrousselle made their first contribution in #532
@jeremylong made their first contribution in #539

Full Changelog: cyclonedx-gradle-plugin-1.10.0...cyclonedx-gradle-plugin-2.0.0-alpha-0

Contributors

jeremylong, skhokhlov, and 3 other contributors

Assets 2

19 Aug 11:51

skhokhlov

cyclonedx-gradle-plugin-1.10.0

507ecd5

1.10.0

Features

Order components and dependencies by purl and ref to have reproducible output by @emirmx in #457
feat: add includeMetadataResolution property by @skhokhlov in #477

Bug Fixes

Include local project dependencies as components #432 by @loicrouchon in #474
fix: check that plugin.properties file exists by @skhokhlov in #489

Other Changes

build(deps): bump org.cyclonedx.bom from 1.8.2 to 1.9.0 by @dependabot in #473
chore: add proper configuration for thread lock by @skhokhlov in #476
build: update gradle actions by @skhokhlov in #475
build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #480
build(deps): bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot in #483
build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #484
build(deps): migrate to gradle actions v4 by @skhokhlov in #486
build: run dependency-submission only on master branch by @skhokhlov in #488
chore: run thread lock less frequent by @skhokhlov in #490
build: run dependency-submission only on master by @skhokhlov in #491
build(deps): bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot in #487
Update Gradle Wrapper from 8.9 to 8.10 by @github-actions in #492
build: bump cyclonedx-core-java to 9.0.5 by @skhokhlov in #493
Update issue templates by @skhokhlov in #494
build(deps): bump org.apache.maven:maven-core from 3.9.8 to 3.9.9 by @dependabot in #496

New Contributors

@emirmx made their first contribution in #457

Full Changelog: cyclonedx-gradle-plugin-1.9.0...cyclonedx-gradle-plugin-1.10.0

Contributors

skhokhlov, loicrouchon, and 2 other contributors

Assets 2

25 Jul 19:34

skhokhlov

cyclonedx-gradle-plugin-1.9.0

1f2b502

1.9.0

What's Changed

Support for CycloneDX 1.6 in #444
New componentName configuration property in #467
Support for zip artifacts in #413
build(deps): bump org.cyclonedx.bom from 1.8.1 to 1.8.2 by @dependabot in #389
build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.1 by @dependabot in #397
Update Gradle Wrapper from 8.5 to 8.6 by @github-actions in #396
build(deps): bump gradle/wrapper-validation-action from 1.1.0 to 2.0.0 by @dependabot in #395
build(deps): bump gradle/gradle-build-action from 2.11.1 to 3.0.0 by @dependabot in #394
fix: move plugin.properties to namespaced location by @gcx-seb in #380
build(deps): bump gradle/gradle-build-action from 3.0.0 to 3.1.0 by @dependabot in #402
build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #406
build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in #418
build(deps): bump gradle/gradle-build-action from 3.1.0 to 3.2.1 by @dependabot in #417
Update Gradle Wrapper from 8.6 to 8.7 by @github-actions in #412
build(deps): bump gradle/wrapper-validation-action from 2.0.0 to 3.3.0 by @dependabot in #421
build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #427
build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #426
build(deps): bump gradle/wrapper-validation-action from 3.3.0 to 3.3.1 by @dependabot in #425
build(deps): bump gradle/gradle-build-action from 3.2.1 to 3.3.1 by @dependabot in #424
fix for issue #331 by @zkstchhh in #413
build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #460
build(deps): bump actions/checkout from 4.1.3 to 4.1.7 by @dependabot in #447
chore: Create CODEOWNERS by @jkowalleck in #465
docs: Update README.md by @prncoprs in #409
build(deps): bump actions/setup-java from 4.0.0 to 4.2.1 by @dependabot in #408
print all parsing errors during BOM validation by @skhokhlov in #445
build(deps): bump org.apache.maven:maven-core from 3.9.6 to 3.9.8 by @dependabot in #452
build(deps): bump commons-codec:commons-codec from 1.16.0 to 1.17.1 by @dependabot in #462
test: verify that schema version 1.5 is used by default by @skhokhlov in #468
Update Gradle Wrapper from 8.7 to 8.9 by @github-actions in #461
fix: fail plugin execution if group, name, or version are not set by @skhokhlov in #469
upgrade cyclonedx-core-java to 9.x.x by @skhokhlov in #444
Enable override of the default component name by @MH-17 in #467
build: prepare version 1.9.0 by @skhokhlov in #470