Merge branch 'master' into master

Signed-off-by: Alexander Alzate <[email protected]>

Author: mr-zepol

.github/workflows/codeql-analysis.yml

@@ -20,7 +20,7 @@ jobs:
       security-events: write
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -31,10 +31,10 @@ jobs:
       if: ${{ github.event_name == 'pull_request' }}
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # tag=v3.26.7
+      uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # tag=v3.27.5
       with:
         languages: java
     - name: Autobuild
-      uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # tag=v3.26.7
+      uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # tag=v3.27.5
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # tag=v3.26.7
+      uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # tag=v3.27.5

.github/workflows/docs.yml

@@ -16,16 +16,16 @@ jobs:
       contents: write # Required to push commits to gh-pages branch
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
       - name: Set up JDK 8
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # tag=v4.3.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # tag=v4.5.0
         with:
           distribution: temurin
           java-version: 8
       - name: Build with Maven
         run: mvn -B --no-transfer-progress package
       - name: Deploy documentation
-        uses: JamesIves/github-pages-deploy-action@920cbb300dcd3f0568dbc42700c61e2fd9e6139c # tag=v4.6.4
+        uses: JamesIves/github-pages-deploy-action@62fec3add6773ec5dbbf18d2ee4260911aa35cf4 # tag=v4.6.9
         with:
           branch: gh-pages
-          folder: target/apidocs
+          folder: target/reports/apidocs

.github/workflows/maven.yml

@@ -20,9 +20,9 @@ jobs:
     timeout-minutes: 5
     steps:
     - name: Checkout Repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
     - name: Set up JDK ${{ matrix.java-version }}
-      uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # tag=v4.3.0
+      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # tag=v4.5.0
       with:
         distribution: temurin
         java-version: ${{ matrix.java-version }}
@@ -41,7 +41,7 @@ jobs:
         coverage-reports: target/site/jacoco/jacoco.xml
     - name: Upload PR test coverage report
       if: ${{ github.event_name == 'pull_request' }}
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # tag=v4.4.0
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # tag=v4.4.3
       with:
         name: pr-test-coverage-report-java-${{ matrix.java-version }}
         path: target/site/jacoco/jacoco.xml

pom.xml

@@ -23,7 +23,7 @@
     <groupId>org.cyclonedx</groupId>
     <artifactId>cyclonedx-core-java</artifactId>
     <packaging>jar</packaging>
-    <version>9.0.6-SNAPSHOT</version>
+    <version>9.1.1-SNAPSHOT</version>
 
     <name>CycloneDX Core (Java)</name>
     <description>The CycloneDX core module provides a model representation of the BOM along with utilities to assist in creating, parsing, and validating BOMs.</description>
@@ -77,12 +77,12 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- Maven Plugin Versions -->
-        <maven.cyclonedx.plugin.version>2.8.1</maven.cyclonedx.plugin.version>
-        <maven.javadoc.plugin.version>3.10.0</maven.javadoc.plugin.version>
+        <maven.cyclonedx.plugin.version>2.9.0</maven.cyclonedx.plugin.version>
+        <maven.javadoc.plugin.version>3.11.1</maven.javadoc.plugin.version>
         <maven.source.plugin.version>3.3.1</maven.source.plugin.version>
         <maven.jar.plugin.version>3.4.2</maven.jar.plugin.version>
         <maven.github.release.plugin.version>1.6.0</maven.github.release.plugin.version>
-        <project.build.outputTimestamp>2024-08-06T14:08:19Z</project.build.outputTimestamp>
+        <project.build.outputTimestamp>2024-10-15T21:02:52Z</project.build.outputTimestamp>
     </properties>
 
     <scm>
@@ -154,7 +154,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.16.1</version>
+            <version>2.18.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -181,15 +181,15 @@
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-xml</artifactId>
-            <version>2.17.2</version>
+            <version>2.18.1</version>
         </dependency>
 
         <!-- JSON Schema library -->
 
         <dependency>
             <groupId>com.networknt</groupId>
             <artifactId>json-schema-validator</artifactId>
-            <version>1.5.1</version>
+            <version>1.5.3</version>
         </dependency>
 
         <!-- Unit Test -->
@@ -204,14 +204,14 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.11.0</version>
+            <version>5.11.3</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.11.0</version>
+            <version>5.11.3</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -312,7 +312,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.5.0</version>
+                    <version>3.5.2</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -349,7 +349,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.6</version>
+                        <version>3.2.7</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

src/main/java/org/cyclonedx/model/Component.java

@@ -28,7 +28,7 @@
 import org.cyclonedx.model.component.ModelCard;
 import org.cyclonedx.model.component.crypto.CryptoProperties;
 import org.cyclonedx.model.component.Tags;
-import org.cyclonedx.model.component.modelCard.ComponentData;
+import org.cyclonedx.model.component.data.ComponentData;
 import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer;
 import org.cyclonedx.util.deserializer.HashesDeserializer;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -207,8 +207,7 @@ public String getScopeName() {
     private ModelCard modelCard;
 
     @VersionFilter(Version.VERSION_15)
-    @JsonProperty("data")
-    private ComponentData data;
+    private List<ComponentData> data;
 
     @VersionFilter(Version.VERSION_16)
     @JsonProperty("cryptoProperties")
@@ -500,11 +499,14 @@ public void setModelCard(final ModelCard modelCard) {
         this.modelCard = modelCard;
     }
 
-    public ComponentData getData() {
+    @JsonProperty("data")
+    @JacksonXmlElementWrapper(useWrapping = false)
+    @JacksonXmlProperty(localName = "data")
+    public List<ComponentData> getData() {
         return data;
     }
 
-    public void setData(final ComponentData data) {
+    public void setData(final List<ComponentData> data) {
         this.data = data;
     }
 

src/main/java/org/cyclonedx/model/attestation/evidence/Data.java

@@ -8,7 +8,7 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import org.cyclonedx.model.component.modelCard.data.Governance;
+import org.cyclonedx.model.component.data.Governance;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonInclude(JsonInclude.Include.NON_EMPTY)

src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java renamed to src/main/java/org/cyclonedx/model/component/data/ComponentData.java

@@ -1,4 +1,4 @@
-package org.cyclonedx.model.component.modelCard;
+package org.cyclonedx.model.component.data;
 
 import java.util.List;
 import java.util.Objects;
@@ -8,9 +8,6 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import org.cyclonedx.model.ExtensibleElement;
-import org.cyclonedx.model.component.modelCard.data.Content;
-import org.cyclonedx.model.component.modelCard.data.Governance;
-import org.cyclonedx.model.component.modelCard.data.Graphics;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonInclude(JsonInclude.Include.NON_EMPTY)

src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java renamed to src/main/java/org/cyclonedx/model/component/data/Content.java

@@ -1,4 +1,4 @@
-package org.cyclonedx.model.component.modelCard.data;
+package org.cyclonedx.model.component.data;
 
 import java.util.List;
 import java.util.Objects;

src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java renamed to src/main/java/org/cyclonedx/model/component/data/DatasetChoice.java

@@ -1,4 +1,4 @@
-package org.cyclonedx.model.component.modelCard;
+package org.cyclonedx.model.component.data;
 
 import java.util.Objects;
 

src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java renamed to src/main/java/org/cyclonedx/model/component/data/Governance.java

@@ -1,4 +1,4 @@
-package org.cyclonedx.model.component.modelCard.data;
+package org.cyclonedx.model.component.data;
 
 import java.util.List;
 import java.util.Objects;