Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.3 to 2.7.10

[dependabot[bot]]

Bumps org.cyclonedx:cyclonedx-maven-plugin from 2.7.3 to 2.7.10.

Release notes

Sourced from org.cyclonedx:cyclonedx-maven-plugin's releases.

2.7.10

🚀 New features and improvements

• Extended documentation by pointing out the allowed project types (#383) @​r4fterman
• [409] Removes non-deployed artifacts from SBOM (#416) @​ppkarwasz
• Addressing issue #388. Checking if URL is null, empty, or blank (usin… (#396) @​mtgag
• replace maven.reproducible property with cdx:reproducible (#392) @​hboutemy
• upgrade cyclonedx-maven-plugin to 2.7.9 to produce Reproducible SBOM (#368) @​hboutemy

🐛 Bug Fixes

• ignore bomGenerator.generate() call (#376) @​seanly
• switch to m-plugin-report-p introduced in 3.9.0 (#381) @​hboutemy

📦 Dependency updates

• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.8.2 to 3.10.1 (#413) @​dependabot
• Bump org.apache.maven.plugins:maven-plugin-plugin from 3.9.0 to 3.10.1 (#412) @​dependabot
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0 (#404) @​dependabot
• Bump actions/checkout from 4.1.0 to 4.1.1 (#408) @​dependabot
• Bump commons-codec from 1.15 to 1.16.0 (#377) @​dependabot
• Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#385) @​dependabot
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#386) @​dependabot
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 (#399) @​dependabot
• Bump org.apache.commons:commons-compress from 1.22 to 1.24.0 in /src/it/makeAggregateBom/util (#400) @​dependabot
• Bump actions/checkout from 3.5.3 to 4.1.0 (#401) @​dependabot
• Bump org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.4 in /src/test/resources/bundle (#402) @​dependabot
• Bump actions/checkout from 3.5.2 to 3.5.3 (#370) @​dependabot
• Bump maven-release-plugin from 3.0.0 to 3.0.1 (#369) @​dependabot
• Bump maven-source-plugin from 3.2.1 to 3.3.0 (#366) @​dependabot
• Bump maven-plugin-plugin from 3.8.2 to 3.9.0 (#363) @​dependabot

2.7.9

• Tidy up code (#351) @​knrc

🚀 New features and improvements

• Add a test to ensure we handle relocations, closes #289 (#360) @​knrc
• Add support for maven optionality, fixes #314 (#356) @​knrc
• Remove extra dependency collection through Mojo annotation, fixes #354 (#355) @​knrc
• support Reproducible SBOM: drop UUID and timestamp when RB mode enabled (#353) @​hboutemy

🐛 Bug Fixes

• Fix makeAggregateBom failed: Unknown constant pool type 17 (#358) @​garydgregory

📦 Dependency updates

... (truncated)

Commits

• a6e8e5c [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.7.10
• fbc9781 point to CycloneDX specification for project types
• 52900ba Extended documentation by pointing out the allowed project types
• d809920 Merge pull request #413 from CycloneDX/dependabot/maven/org.apache.maven.plug...
• c112bc8 Merge pull request #412 from CycloneDX/dependabot/maven/org.apache.maven.plug...
• 8ec9e71 Merge pull request #404 from CycloneDX/dependabot/maven/org.apache.maven.plug...
• 6d32f39 Merge pull request #408 from CycloneDX/dependabot/github_actions/actions/chec...
• e774f12 Merge pull request #416 from ppkarwasz/non-deployed
• 7bbf61d [409] Removes non-deployed artifacts from SBOM
• 1257d13 Bump org.apache.maven.plugin-tools:maven-plugin-annotations
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #6.