Maven plugin to check if dependencies in CycloneDX BOM files use only allowed licenses.

Overview

license-checker-cyclonedx-maven-plugin

Quick start guide

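1. Add the plugins below to the <plugins> section of your pom.xml. The order of the plugin declarations is important: both plugins run in the package phase, so cyclonedx-maven-plugin must be declared first to generate the BOM before the check goal reads it.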

  <plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>2.5.3</version>
    <executions>
      <execution>
        <phase>package</phase>
        <goals>
          <goal>makeAggregateBom</goal>
        </goals>
      </execution>
    </executions>
    <configuration>
      <outputFormat>json</outputFormat>
    </configuration>
  </plugin>
  <plugin>
    <groupId>io.github.remisbaima</groupId>
    <artifactId>license-checker-cyclonedx-maven-plugin</artifactId>
    <version>0.2.1</version> <!-- x-release-please-version -->
    <executions>
      <execution>
        <phase>package</phase>
        <goals>
          <goal>check</goal>
        </goals>
      </execution>
    </executions>
    <configuration>
      <!-- VALUES BELOW MUST BE CUSTOMISED FOR EACH COMPANY/TEAM/PROJECT -->
      <allowedLicenses>MIT,https://www.apache.org/licenses/LICENSE-1.1</allowedLicenses>
      <allowedLicensesJson>${project.basedir}/licenses.json</allowedLicensesJson>
      <allowedLicensesJsonPath>$[?(@.License_Conflicts=='No')].License_SPDX</allowedLicensesJsonPath>
      <ignoredDependencies>org.codehaus.woodstox:stax2-api:4.2.1</ignoredDependencies>
    </configuration>
  </plugin>

See ${project.basedir}/licenses.json

2. Configure plugin options

| Option | Description |
| --- | --- |
| allowedLicenses | Comma separated list of SPDX licenses (ID, URL or name) allowed to be used |
| allowedLicensesJson | URL or file path of a JSON content containing the list of SPDX licenses |
| allowedLicensesJsonPath | Semicolon separated list of JSONPath expressions to extract from the allowedLicensesJson the licenses allowed to be used |
| ignoredDependencies | Comma separated list of dependencies to ignore in the format <groupId>:<artifactId>:<version>. This is useful when the CycloneDX Maven Plugin cannot identify the license ID, URL or name of a dependency. If any entry from this list is found in the BOM, it will be ignored and logged with [WARNING] since dependencies without a clear license are generally old or not well maintained and should be updated or replaced. |

Note: To quickly develop and test a JSONPath expression you can use e.g.: http://jsonpath.herokuapp.com/

3. Run Maven

mvn package -DskipTests
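
What the check configured in steps 1 to 3 amounts to, as an added Python sketch that is not the plugin's own code: it builds the allowed set from allowedLicenses plus the licenses.json rows selected by the JSONPath shown above, then walks a CycloneDX JSON BOM. The licenses.json rows, the BOM, the org.example coordinates, and the rule that a component passes when any of its license id, name or URL is allowed are assumptions made for illustration.

```python
import json

# Values copied from the <configuration> block in step 1.
ALLOWED_LICENSES = "MIT,https://www.apache.org/licenses/LICENSE-1.1"
IGNORED_DEPENDENCIES = "org.codehaus.woodstox:stax2-api:4.2.1"

# Constructed stand-in for licenses.json. The field names License_SPDX and
# License_Conflicts come from the JSONPath in step 1; the rows are made up.
LICENSES_JSON = """[
  {"License_SPDX": "Apache-2.0",   "License_Conflicts": "No"},
  {"License_SPDX": "BSD-3-Clause", "License_Conflicts": "No"},
  {"License_SPDX": "GPL-3.0-only", "License_Conflicts": "Yes"}
]"""

# Constructed CycloneDX JSON BOM, reduced to the fields this sketch reads.
BOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"group": "org.example", "name": "permissive-lib", "version": "2.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"group": "org.example", "name": "legacy-lib", "version": "1.0",
     "licenses": [{"license": {"name": "Apache Software License 1.1",
                               "url": "https://www.apache.org/licenses/LICENSE-1.1"}}]},
    {"group": "org.example", "name": "copyleft-lib", "version": "3.2",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"group": "org.codehaus.woodstox", "name": "stax2-api", "version": "4.2.1"},
    {"group": "org.example", "name": "mystery-lib", "version": "0.9"}
  ]
}"""


def split_list(value, sep=","):
    """Parse a separator-delimited plugin option into a set of trimmed entries."""
    return {item.strip() for item in value.split(sep) if item.strip()}


def allowed_from_json(doc):
    """Hand-written equivalent of $[?(@.License_Conflicts=='No')].License_SPDX
    for a top-level JSON array (no JSONPath library is used here)."""
    return {row["License_SPDX"] for row in json.loads(doc)
            if row.get("License_Conflicts") == "No" and "License_SPDX" in row}


def component_licenses(component):
    """Collect every license id, name and url a BOM component declares."""
    values = set()
    for entry in component.get("licenses", []):
        lic = entry.get("license") or {}
        values.update(v for v in (lic.get("id"), lic.get("name"), lic.get("url")) if v)
    return values


def check_bom(bom_doc, allowed, ignored):
    """Return (violations, warnings).

    Assumed rule: a component passes if any declared id, name or url is in
    the allowed set; a component with no license data fails unless ignored.
    """
    violations, warnings = [], []
    for comp in json.loads(bom_doc).get("components", []):
        coord = ":".join([comp.get("group", ""), comp["name"], comp.get("version", "")])
        if coord in ignored:
            warnings.append(coord)  # skipped, but still surfaced to the developer
            continue
        declared = component_licenses(comp)
        if not declared & allowed:
            violations.append((coord, sorted(declared)))
    return violations, warnings


def run():
    """Combine both allow-list sources and check the sample BOM."""
    allowed = split_list(ALLOWED_LICENSES) | allowed_from_json(LICENSES_JSON)
    return check_bom(BOM_JSON, allowed, split_list(IGNORED_DEPENDENCIES))


if __name__ == "__main__":
    found, skipped = run()
    for coord in skipped:
        print(f"[WARNING] ignored dependency: {coord}")
    for coord, declared in found:
        print(f"[ERROR] {coord}: {declared or 'no license in BOM'}")
    raise SystemExit(1 if found else 0)
```

In the sample, legacy-lib passes only because its license URL is on the allow list, and mystery-lib fails because the BOM carries no license data for it and it is not listed in ignoredDependencies.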

Requirements

Disclaimer

This is not a compliance tool. There are other tools for this purpose e.g. https://dependencytrack.org/

This plugin is more of a development tool to help developers check as soon as possible if a dependency they want to use has a license allowed by their company policies.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.

To contribute

Just create a PR :-)

Useful resources:

Comments
  • chore(main): release 0.2.1

    :robot: I have created a release beep boop

    0.2.1 (2022-05-02)

    Bug Fixes

    • downgrade minimum Maven version from 3.6.3 to 3.5.0 (5e920b5)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.2.0

    :robot: I have created a release beep boop

    0.2.0 (2022-05-02)

    Features

    • add support for semicolon separated list of JSONPath expressions (3460c6a)

    Bug Fixes

    • add test for NPE when license does not exist (48fffe6)
    • fix NPE when license does not exist (d21246e)
    • Sonarcloud finding (fbc9b16)

    Documentation

    • update link to check JSONPath (fb752d1)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.1.0

    :robot: I have created a release beep boop

    0.1.0 (2022-05-01)

    Features

    • allowed licenses can also contain URL and name (besides ID) (f5e4326)
    • log more details of invalid licenses (c49bcbf)

    Documentation

    • add "-DskipTests" to doc so user can build faster (6608be7)
    • doc usage of license ID, URL or name (5415002)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.0.5

    opened by remisbaima 2
  • chore(main): release 0.0.4

    :robot: I have created a release beep boop

    0.0.4 (2022-04-24)

    Miscellaneous Chores

    Documentation

    • add comments in readme to update version (64b1490)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.0.3

    opened by remisbaima 2
  • chore(main): release 0.0.2

    :robot: I have created a release beep boop

    0.0.2 (2022-04-24)

    Features

    • add distributionManagement (b79297e)

    Bug Fixes

    • add -DskipTests to Maven build (69c1e0f)
    • add token name (4815f71)
    • bug in github action (cdf80b1)
    • bump jackson-databind to fix sonatype lift critical finding (7c0db44)
    • change pom.xml version to avoid constant updates. (67775a2)
    • change secret name (ba215bc)
    • cleanup changelog (1ae0a66)
    • extend github workflow to publish (8989786)
    • fix github action for publish (142b771)
    • fix mvn deploy (078da49)
    • fix sonarcloud finding (d57f7f4)
    • fix Sonarcloud findings (a1de9fd)
    • improve exception handling and test coverage (3bc9be7)
    • improve test coverage (216f7c3)
    • listen to release created (8a156dd)
    • output steps variables (cd36870)
    • pass PAT instead of GH token (8fe2b69)
    • re-org github action (9fc1aed)
    • remove commented code (2553cf0)
    • remove echo (36f0056)
    • simplify github workflow (a128208)
    • step msg (8e8ffd4)
    • test release (2b787cb)
    • test release (0e28a13)

    Miscellaneous Chores

    Documentation

    • add sonatype lift link (9a690c5)
    • change sonarcloud badge to overall code (f797930)
    • delete tag to facilitate copying plugin config (67c238a)
    • delete changelog of v0.0.2 as it was not released (b815679)
    • fix typo (5f0fbc5)
    • remove release v0.0.4 as release build failed (d1a50fe)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.0.4

    :robot: I have created a release beep boop

    0.0.4 (2022-04-24)

    Documentation

    • delete changelog of v0.0.2 as it was not released (b815679)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(main): release 0.0.3

    :robot: I have created a release beep boop

    0.0.3 (2022-04-24)

    Bug Fixes

    • bump jackson-databind to fix sonatype lift critical finding (7c0db44)
    • fix sonarcloud finding (d57f7f4)
    • fix Sonarcloud findings (a1de9fd)

    Documentation

    • add sonatype lift link (9a690c5)
    • change sonarcloud badge to overall code (f797930)
    • delete tag to facilitate copying plugin config (67c238a)
    • fix typo (5f0fbc5)

    This PR was generated with Release Please. See documentation.

    autorelease: tagged 
    opened by remisbaima 2
  • chore(deps): bump checkstyle from 10.3.4 to 10.5.0

    Bumps checkstyle from 10.3.4 to 10.5.0.

    Release notes

    Sourced from checkstyle's releases.

    checkstyle-10.5.0

    Checkstyle 10.5.0 - https://checkstyle.org/releasenotes.html#Release_10.5.0

    New:

    #11644 - Allow 3rd party Check providers to group modules under custom parent module

    Bug fixes:

    #12443 - checkstyle 10.3.3 and newer throws NullPointerException on annotated generic types from IllegalType rule
    #12345 - False positive in NoWhiteSpaceAfter
    #12291 - EmptyForInitializerPad: ArrayIndexOutOfBoundsException

    checkstyle-10.4

    Checkstyle 10.4 - https://checkstyle.org/releasenotes.html#Release_10.4

    Breaking backward compatibility:

    ... (truncated)

    Commits
    • dbeb902 [maven-release-plugin] prepare release checkstyle-10.5.0
    • 9051f22 doc: releasenotes 10.5.0
    • e9e79c3 minor: moves codenarc under config
    • 4288c3b minor: moves release settings under config
    • 2ea0295 minor: moves projects to test on under config
    • a844187 Issue #12441: Resolve Pitest suppression for RightCurlyCheck
    • 858dcaa minor: moves jsoref spellchecker under config
    • 72fa053 minor: moves pitest suppressions under config
    • 495594e minor: moves error prone suppressions under config
    • b2e49dd minor: moves checker framework suppressions under config
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 1
  • chore(deps): bump cyclonedx-core-java from 7.2.0 to 7.3.0

    Bumps cyclonedx-core-java from 7.2.0 to 7.3.0.

    Commits
    • ab601af [maven-release-plugin] prepare release cyclonedx-core-java-7.3.0
    • b03e96c bump
    • 4ae2814 Removing unused import
    • d94610d Merge pull request #235 from synaos-bwi/optional_encoding
    • f595c43 Merge pull request #238 from CycloneDX/correct-uri-generation
    • 1fbac0f Merge pull request #234 from CycloneDX/dependabot/maven/org.cyclonedx-cyclone...
    • 2a7c876 bump
    • a893ba6 Correcting bomlink generation for XML and JSON. Added unit tests.
    • 424ab95 Merge pull request #236 from synaos-bwi/add_lgpl_alternative_url
    • 28e731c Added alternative LGPL-3.0 url
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 1
  • chore(deps): bump checkstyle from 10.3.4 to 10.6.0

    Bumps checkstyle from 10.3.4 to 10.6.0.

    Release notes

    Sourced from checkstyle's releases.

    checkstyle-10.6.0

    Checkstyle 10.6.0 - https://checkstyle.org/releasenotes.html#Release_10.6.0

    Breaking backward compatibility:

    #12520 - Simplify JavadocStyleCheck: remove functionality for missing package-info Javadoc

    Bug fixes:

    #12409 - Inconsistent allowedAbbreviations when a method contains an underscore
    #12486 - NoWhitespaceAfter false positive on synchronized method
    #11807 - Null pointer exception with records in RequireThisCheck

    checkstyle-10.5.0

    Checkstyle 10.5.0 - https://checkstyle.org/releasenotes.html#Release_10.5.0

    New:

    #11644 - Allow 3rd party Check providers to group modules under custom parent module

    Bug fixes:

    #12443 - checkstyle 10.3.3 and newer throws NullPointerException on annotated generic types from IllegalType rule
    #12345 - False positive in NoWhiteSpaceAfter
    #12291 - EmptyForInitializerPad: ArrayIndexOutOfBoundsException

    ... (truncated)

    Commits
    • 233c91b [maven-release-plugin] prepare release checkstyle-10.6.0
    • c982461 config: maven has problems to push, moving push to action level
    • 2826b1b config: git push commands need write permission in actions
    • 311a1b7 config: skip pgp sign plugin during release:prepare as we do not sign commits
    • 04347b1 doc: release notes for 10.6.0
    • d12ffc7 Issue #12409: Inconsistentency In Allowed Abbreviations
    • a5be3cf minor: Bump version to 10.6.0-SNAPSHOT
    • ebb46cb Issue #12520: removes missing package-info Javadoc check in JavadocStyle
    • 475063f supplemental: Forbid usage of @BeforeAll in tests
    • 069905a config: upgrade sevntu to 1.44.1
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 0
  • chore(deps): bump cyclonedx-core-java from 7.2.0 to 7.3.1

    Bumps cyclonedx-core-java from 7.2.0 to 7.3.1.

    Commits
    • 00a33d8 [maven-release-plugin] prepare release cyclonedx-core-java-7.3.1
    • a843a8f bump
    • 85190aa Merge pull request #239 from CycloneDX/dependabot/maven/com.fasterxml.jackson...
    • 0003467 Merge pull request #242 from CycloneDX/dependabot/github_actions/actions/chec...
    • 21a5156 Merge pull request #243 from CycloneDX/dependabot/maven/com.networknt-json-sc...
    • 22e3b8d Merge pull request #244 from taleodor/master
    • 83297a7 fix: conform Json mime type property to schema
    • 20f0dee Bump json-schema-validator from 1.0.73 to 1.0.76
    • 545f851 Bump actions/checkout from 3.1.0 to 3.2.0
    • 958acaf Bump jackson-dataformat-xml from 2.14.0 to 2.14.1
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 0
  • chore(deps): bump actions/stale from 6 to 7

    Bumps actions/stale from 6 to 7.

    Release notes

    Sourced from actions/stale's releases.

    v7.0.0

    ⚠️ This version contains breaking changes ⚠️

    What's Changed

    Breaking Changes

    • In this release we prevent this action from managing the stale label on items included in exempt-issue-labels and exempt-pr-labels
    • We decided that this is outside of the scope of this action, and to be left up to the maintainer

    New Contributors

    Full Changelog: https://github.com/actions/stale/compare/v6...v7.0.0

    v6.0.1

    Update @actions/core to 1.10.0 #839

    Full Changelog: https://github.com/actions/stale/compare/v6.0.0...v6.0.1

    Changelog

    Sourced from actions/stale's changelog.

    Changelog

    [7.0.0]

    :warning: Breaking change :warning:

    [6.0.1]

    Update @actions/core to v1.10.0 (#839)

    [6.0.0]

    :warning: Breaking change :warning:

    Issues/PRs default close-issue-reason is now not_planned(#789)

    [5.1.0]

    Don't process stale issues right after they're marked stale
    Add close-issue-reason option #764 #772
    Various dependabot/dependency updates

    4.1.0 (2021-07-14)

    Features

    4.0.0 (2021-07-14)

    Features

    Bug Fixes

    • dry-run: forbid mutations in dry-run (#500) (f1017f3), closes #499
    • logs: coloured logs (#465) (5fbbfba)
    • operations: fail fast the current batch to respect the operations limit (#474) (5f6f311), closes #466
    • label comparison: make label comparison case insensitive #517, closes #516
    • filtering comments by actor could have strange behavior: "stale" comments are now detected based on if the message is the stale message not who made the comment(#519), fixes #441, #509, #518

    Breaking Changes

    ... (truncated)

    Commits
    • 6f05e42 draft release for v7.0.0 (#888)
    • eed91cb Update how stale handles exempt items (#874)
    • 10dc265 Merge pull request #880 from akv-platform/update-stale-repo
    • 9c1eb3f Update .md files and allign build-test.yml with the current test.yml
    • bc357bd Update .github/workflows/release-new-action-version.yml
    • 690ede5 Update .github/ISSUE_TEMPLATE/bug_report.md
    • afbcabf Merge branch 'main' into update-stale-repo
    • e364411 Update name of codeql.yml file
    • 627cef3 fix print outputs step (#859)
    • 975308f Merge pull request #876 from jongwooo/chore/use-cache-in-check-dist
    • Additional commits viewable in compare view

    dependencies github_actions 
    opened by dependabot[bot] 0
  • chore(deps): bump jackson-databind from 2.13.4.2 to 2.14.1

    Bumps jackson-databind from 2.13.4.2 to 2.14.1.

    Commits

    dependencies java 
    opened by dependabot[bot] 0
  • chore(deps-dev): bump takari-plugin-integration-testing from 3.0.0 to 3.0.1

    Bumps takari-plugin-integration-testing from 3.0.0 to 3.0.1.

    dependencies java 
    opened by dependabot[bot] 0
  • chore(deps): bump maven-plugin.version from 3.6.4 to 3.7.0

    Bumps maven-plugin.version from 3.6.4 to 3.7.0. Updates maven-plugin-annotations from 3.6.4 to 3.7.0

    Release notes

    Sourced from maven-plugin-annotations's releases.

    3.7.0

    Bug

    • [MPLUGIN-298] - The plugin descriptor generated by plugin:descriptor does not consider @ see javadoc taglets
    • [MPLUGIN-394] - Report-Mojo doesn't respect input encoding
    • [MPLUGIN-403] - Generating site reports for plugin results in NoSuchMethodError
    • [MPLUGIN-404] - JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"
    • [MPLUGIN-420] - Parameters documentation inheriting @ since from Mojo can be confusing
    • [MPLUGIN-428] - Don't emit warning for missing javadoc URL of primitives
    • [MPLUGIN-429] - Don't emit warning for missing javadoc URI if no javadoc sources are configured
    • [MPLUGIN-438] - Parameter description should be taken from annotated item

    New Feature

    • [MPLUGIN-9] - Add link to javadoc in configuration description page for user defined types of Mojos.
    • [MPLUGIN-396] - Allow only @ Deprecated annotation without @ deprecated javadoc tag
    • [MPLUGIN-400] - add system requirements history section
    • [MPLUGIN-402] - report: allow to generate usage section in plugin-info.html with true
    • [MPLUGIN-419] - Allow @ Parameter on setters methods
    • [MPLUGIN-423] - Extract plugin report into its own plugin
    • [MPLUGIN-427] - report: Expose generics information of Collection and Map types

    Improvement

    • [MPLUGIN-297] - plugin-info.html should contain a better Usage section
    • [MPLUGIN-390] - Do not overwrite generate files with no content change
    • [MPLUGIN-393] - Upgrade to JUnit 5 and @ Inject annotations
    • [MPLUGIN-398] - Support for java 20 - ASM 9.4
    • [MPLUGIN-405] - Don't print empty Memory, Disk Space in System Requirements
    • [MPLUGIN-408] - simplification in helpmojo build
    • [MPLUGIN-411] - Get rid of plexus-compiler-manager from tests
    • [MPLUGIN-412] - Use Maven core artifacts in provided scope
    • [MPLUGIN-417] - report and descriptor goal need to evaluate Javadoc comments differently
    • [MPLUGIN-433] - Allow to reference aggregator javadoc from plugin report

    Task

    • [MPLUGIN-378] - Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
    • [MPLUGIN-389] - Update level to Java 8
    • [MPLUGIN-391] - Deprecate scripting support for mojos
    • [MPLUGIN-406] - Deprecate requirements parameter in report Mojo
    • [MPLUGIN-407] - Remove duplicate code from PluginReport
    • [MPLUGIN-409] - Prepare for Doxia (Sitetools) 2.0.0
    • [MPLUGIN-430] - Fix documentation for maven-plugin-report-plugin
    • [MPLUGIN-431] - Remove deprecated items from new maven-plugin-report-plugin

    ... (truncated)

    Commits
    • 0f2c0d5 [maven-release-plugin] prepare release maven-plugin-tools-3.7.0
    • 76d99af [MPLUGIN-438] Parameter description should be taken from annotated item
    • 5b60490 [MPLUGIN-435] Revert MPLUGIN-410. Drop @Parameter.implementation and keep it ...
    • ebdb063 [MPLUGIN-437] Fixes to the plugin descriptor generation (#167)
    • 339fc29 [MPLUGIN-433] Allow to disable link validation (#162)
    • a191579 [MPLUGIN-422] Upgrade to plexus-utils 3.5.0 (#164)
    • 664c16e [MPLUGIN-431] Remove deprecated items from new maven-plugin-report-plugin
    • 8a76400 [MPLUGIN-427] only emit simple parameter type for configuration (#163)
    • 322a9bb [MPLUGIN-434] Improve dependency management
    • a0ec0ba [MPLUGIN-427] Expose generics information of parameter types in report (#159)
    • Additional commits viewable in compare view

    Updates maven-plugin-plugin from 3.6.4 to 3.7.0

    Release notes

    Sourced from maven-plugin-plugin's releases.

    3.7.0

    Bug

    • [MPLUGIN-298] - The plugin descriptor generated by plugin:descriptor does not consider @ see javadoc taglets
    • [MPLUGIN-394] - Report-Mojo doesn't respect input encoding
    • [MPLUGIN-403] - Generating site reports for plugin results in NoSuchMethodError
    • [MPLUGIN-404] - JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"
    • [MPLUGIN-420] - Parameters documentation inheriting @ since from Mojo can be confusing
    • [MPLUGIN-428] - Don't emit warning for missing javadoc URL of primitives
    • [MPLUGIN-429] - Don't emit warning for missing javadoc URI if no javadoc sources are configured
    • [MPLUGIN-438] - Parameter description should be taken from annotated item

    New Feature

    • [MPLUGIN-9] - Add link to javadoc in configuration description page for user defined types of Mojos.
    • [MPLUGIN-396] - Allow only @ Deprecated annotation without @ deprecated javadoc tag
    • [MPLUGIN-400] - add system requirements history section
    • [MPLUGIN-402] - report: allow to generate usage section in plugin-info.html with true
    • [MPLUGIN-419] - Allow @ Parameter on setters methods
    • [MPLUGIN-423] - Extract plugin report into its own plugin
    • [MPLUGIN-427] - report: Expose generics information of Collection and Map types

    Improvement

    • [MPLUGIN-297] - plugin-info.html should contain a better Usage section
    • [MPLUGIN-390] - Do not overwrite generate files with no content change
    • [MPLUGIN-393] - Upgrade to JUnit 5 and @ Inject annotations
    • [MPLUGIN-398] - Support for java 20 - ASM 9.4
    • [MPLUGIN-405] - Don't print empty Memory, Disk Space in System Requirements
    • [MPLUGIN-408] - simplification in helpmojo build
    • [MPLUGIN-411] - Get rid of plexus-compiler-manager from tests
    • [MPLUGIN-412] - Use Maven core artifacts in provided scope
    • [MPLUGIN-417] - report and descriptor goal need to evaluate Javadoc comments differently
    • [MPLUGIN-433] - Allow to reference aggregator javadoc from plugin report

    Task

    • [MPLUGIN-378] - Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
    • [MPLUGIN-389] - Update level to Java 8
    • [MPLUGIN-391] - Deprecate scripting support for mojos
    • [MPLUGIN-406] - Deprecate requirements parameter in report Mojo
    • [MPLUGIN-407] - Remove duplicate code from PluginReport
    • [MPLUGIN-409] - Prepare for Doxia (Sitetools) 2.0.0
    • [MPLUGIN-430] - Fix documentation for maven-plugin-report-plugin
    • [MPLUGIN-431] - Remove deprecated items from new maven-plugin-report-plugin

    ... (truncated)

    Commits
    • 0f2c0d5 [maven-release-plugin] prepare release maven-plugin-tools-3.7.0
    • 76d99af [MPLUGIN-438] Parameter description should be taken from annotated item
    • 5b60490 [MPLUGIN-435] Revert MPLUGIN-410. Drop @Parameter.implementation and keep it ...
    • ebdb063 [MPLUGIN-437] Fixes to the plugin descriptor generation (#167)
    • 339fc29 [MPLUGIN-433] Allow to disable link validation (#162)
    • a191579 [MPLUGIN-422] Upgrade to plexus-utils 3.5.0 (#164)
    • 664c16e [MPLUGIN-431] Remove deprecated items from new maven-plugin-report-plugin
    • 8a76400 [MPLUGIN-427] only emit simple parameter type for configuration (#163)
    • 322a9bb [MPLUGIN-434] Improve dependency management
    • a0ec0ba [MPLUGIN-427] Expose generics information of parameter types in report (#159)
    • Additional commits viewable in compare view

    dependencies java 
    opened by dependabot[bot] 0
Releases(v0.2.1)