Release v1.4.0

Changelog

🚀 Features

• eeb1e1b Adding scorecard analysis workflow .github/workflows/scorecard-analysis.yml (#351) (eclipse-otterdog[bot])
• 2576460 feat: improve error handling during submission (#294) (Thomas Neidhart)
• d40cb04 Enable update for github actions (Thomas Neidhart)
• 6b73d4e Pinning workflow .github/workflows/ci.yml (#370) (eclipse-otterdog[bot])
• 2390150 doc: add SLSA badge in README.md (Mikaël Barbero)

🐛 Bug Fixes

• 1cfed74 fix: jreleaser builder slsa3 is in dedicated branch (Mikaël Barbero)
• bf67d79 fix: revert adding jspecify and add spotbugs-annotations (Mikaël Barbero)
• fe2c21f fix: added jspecify to prepare for guava upgrade (Mikaël Barbero)
• c32fd8c fix: use quarkus-resteasy-client to avoid dependency issues when updating to quarkus 3.7+ (Thomas Neidhart)

🧰 Maintenance

• 7e28664 chore(deps): bump jreleaser/release-action from 1.1.0.pre.java to 2.4.2 (dependabot[bot])
• 16260f7 chore(deps): bump com.google.guava:guava from 33.4.0-jre to 33.4.8-jre (dependabot[bot])
• 99a75e8 chore(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (dependabot[bot])
• da61096 chore(deps): bump actions/setup-java from 4.7.0 to 4.7.1 (dependabot[bot])
• d3b4ec1 chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot])
• 9c44a18 chore(deps): bump surefire-plugin.version from 3.5.2 to 3.5.3 (dependabot[bot])
• c4ec66f chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (dependabot[bot])
• 2271f07 chore(deps): bump the quarkus group with 2 updates (dependabot[bot])
• 84e93f2 chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin (dependabot[bot])
• 7108de5 chore(deps): bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1 (dependabot[bot])
• dd09371 chore(deps): bump com.squareup.okio:okio from 3.10.2 to 3.11.0 (dependabot[bot])
• e2bf901 chore(deps): bump io.soabase.record-builder.version from 44 to 45 (dependabot[bot])
• 821fa6e chore(deps): bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot])
• 839e92b chore(deps): bump org.owasp:dependency-check-maven from 11.1.0 to 12.1.0 (dependabot[bot])
• e1b50ca chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot])
• e8de33a chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot])
• cd35637 chore(deps): bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot])
• e7c8660 chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (dependabot[bot])
• 3e4a8a5 chore(deps): bump the quarkus group across 1 directory with 2 updates (dependabot[bot])
• 90c9a67 chore(deps): bump org.apache.maven.plugins:maven-artifact-plugin (#363) (dependabot[bot])
• 581e6e9 chore(deps): bump io.soabase.record-builder.version from 43 to 44 (#357) (dependabot[bot])
• e5a629d chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin (#354) (dependabot[bot])
• 45c5edd chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (#353) (dependabot[bot])
• 739bc8f chore(deps): bump github/codeql-action from 2.27.3 to 3.28.8 (#371) (dependabot[bot])
• b2757ff chore(deps): bump actions/checkout from 3.6.0 to 4.2.2 (#374) (dependabot[bot])
• d4ba962 chore(deps): bump actions/setup-java from 3.13.0 to 4.7.0 (#373) (dependabot[bot])
• 3fe3ed4 chore(deps): bump com.squareup.okio:okio from 3.9.1 to 3.10.2 (#364) (dependabot[bot])
• 953a18c Update to v4 of the upload-artifact action (Thomas Neidhart)
• 6fcd5d1 chore(deps): bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre (#359) (dependabot[bot])
• 960bdae chore(deps): bump the quarkus group with 2 updates (#350) (dependabot[bot])
• aa778d2 chore(deps): bump the quarkus group with 2 updates (#349) (dependabot[bot])
• 7e34370 chore(deps): bump the quarkus group across 1 directory with 2 updates (#347) (dependabot[bot])
• 0c38757 chore(deps): bump org.owasp:dependency-check-maven from 11.0.0 to 11.1.0 (#343) (dependabot[bot])
• 2dabd05 chore(deps): bump org.apache.maven.plugins:maven-artifact-plugin (#346) (dependabot[bot])
• 67474ed chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (#345) (dependabot[bot])
• 5c91724 chore(deps): bump surefire-plugin.version from 3.5.1 to 3.5.2 (#344) (dependabot[bot])
• eb2feb9 Delete .github/workflows/dependency-update.yml bc of automatic dependency submission by GitHub itself (Thomas Neidhart)
• 3398e13 chore(otterdog): pinning workflows due to blueprint pin-workflows (#348) (eclipse-otterdog[bot])
• cc1f2eb chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (dependabot[bot])
• e983b4e chore(deps): bump com.google.guava:guava from 33.1.0-jre to 33.3.1-jre (dependabot[bot])
• a368091 chore(deps): bump org.apache.maven.plugins:maven-artifact-plugin (dependabot[bot])
• fc45e26 chore(deps): bump the quarkus group across 1 directory with 2 updates (dependabot[bot])
• fe7f7fa chore(deps): bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0 (#341) (dependabot[bot])
• 9601584 chore(deps): bump surefire-plugin.version from 3.2.5 to 3.5.1 (#328) (dependabot[bot])
• 90835eb chore(deps): bump io.soabase.record-builder.version from 41 to 43 (#329) (dependabot[bot])
• 4a294c7 chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin (#330) (dependabot[bot])
• 5a1123d chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin (#331) (dependabot[bot])
• af1c469 chore(deps): bump org.apache.maven.plugins:maven-release-plugin (#332) (dependabot[bot])
• 8e6a7d5 chore(deps): bump org.eclipse.cbi:cbi-common from 1.4.3 to 1.5.2 (#335) (dependabot[bot])
• 1b9a2e9 chore(deps): bump com.squareup.okio:okio from 3.9.0 to 3.9.1 (#333) (dependabot[bot])
• 36233bd chore(deps): bump org.apache.maven.plugins:maven-jar-plugin (#334) (dependabot[bot])
• 4464678 chore(deps): bump org.owasp:dependency-check-maven from 9.1.0 to 10.0.4 (#336) (dependabot[bot])
• 8aaae14 Remove sonartype lifecycle integration (Thomas Neidhart)
• 9dfcdd8 chore: use latest release of sonatype iq action (Thomas Neidhart)
• 3c089c4 chore: move service to foundation-codesigning namespace (Thomas Neidhart)
• 05c1711 chore(deps): bump the quarkus group with 2 updates (#324) (dependabot[bot])
• 39de124 chore(deps): bump io.soabase.record-builder.version from 40 to 41 (#306) (dependabot[bot])
• 6f165f8 chore(deps): bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 (#322) (dependabot[bot])
• 2bf97ab chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin (#320) (dependabot[bot])
• 8d8a190 chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (#312) (dependabot[bot])
• ee966ae chore(deps): bump org.apache.maven.plugins:maven-artifact-plugin (#323) (dependabot[bot])
• 72ee516 chore(deps): bump com.google.guava:guava from 33.0.0-jre to 33.1.0-jre (#314) (dependabot[bot])
• 3cba7f4 chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin (#318) (dependabot[bot])
• 3988f43 chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin (#319) (dependabot[bot])
• 869ab08 chore(deps): bump com.squareup.okio:okio from 3.7.0 to 3.9.0 (#316) (dependabot[bot])
• 89ff1fa chore(deps): bump io.soabase.record-builder.version from 39 to 40 (dependabot[bot])
• acda478 chore(deps): bump surefire-plugin.version from 3.2.3 to 3.2.5 (dependabot[bot])
• c49436a chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin (dependabot[bot])
• de7d021 chore(deps): bump org.owasp:dependency-check-maven from 9.0.8 to 9.0.9 (dependabot[bot])
• 4de7134 chore(deps): bump the quarkus group with 1 update (dependabot[bot])
• d0d6501 chore(deps): bump org.owasp:dependency-check-maven from 9.0.7 to 9.0.8 (#293) (dependabot[bot])
• a7ffaa0 chore(deps): bump io.soabase.record-builder.version from 38 to 39 (#292) (dependabot[bot])
• 81497cf chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin (#289) (dependabot[bot])
• 054f7f3 chore(deps-dev): bump com.fasterxml.jackson.core:jackson-databind (#288) (dependabot[bot])
• dd6d3de chore(deps): bump com.google.guava:guava from 32.1.3-jre to 33.0.0-jre (#286) (dependabot[bot])
• d87a4c3 chore(deps): bump io.soabase.record-builder.version from 37 to 38 (#287) (dependabot[bot])
• 79800da chore(deps): bump org.owasp:dependency-check-maven from 9.0.6 to 9.0.7 (#290) (dependabot[bot])
• a1c53d4 chore(deps): bump org.owasp:dependency-check-maven from 9.0.2 to 9.0.6 (#284) (dependabot[bot])
• a8e5495 chore(deps): bump surefire-plugin.version from 3.2.2 to 3.2.3 (#282) (dependabot[bot])
• 19f7d8e chore(deps): bump com.squareup.okio:okio from 3.6.0 to 3.7.0 (#285) (dependabot[bot])
• 3502a95 chore: improve release download script, update README to 1.3.0 release (Thomas Neidhart)

Contributors

We'd like to thank the following people for their contributions:

• Mikaël Barbero
• Thomas Neidhart
• Александър Куртаков (@akurtakov)

Release v1.3.0

Changelog

🚀 Features

• 376b71d Use jreleaser, remove release-drafter. (#279) (Thomas Neidhart)
• 97b8c36 feat: switch prod to .146 (Mikaël Barbero)
• 57ffdc8 feat: add staging deployment configuration (Mikaël Barbero)

🧰 Maintenance

• 89a51a0 Add missing jreleaser.yml file. (Thomas Neidhart)
• 5325c11 chore: do not pin jreleaser workflow as verification will fail otherwise (Thomas Neidhart)
• 0a27fb1 chore: use v1.1.0-java of jreleaser/release-action (Thomas Neidhart)
• 5bf9209 chore: improve jreleaser labelling config (Thomas Neidhart)
• 7f1ed5a chore: add supported release for download script (Thomas Neidhart)
• 157324c chore: fix typo in README. (Thomas Neidhart)
• d4e543e chore: add download-github-release.sh script and update README (Thomas Neidhart)
• 79bc673 Replace autovalue with java records, add service tests (#254) (Thomas Neidhart)
• ca8e745 Reorganize profile wrt sbom generation; include cyclonedx plugin by default, move dependency check plugin into separate profile, upload artifacts after ci build. (#274) (Thomas Neidhart)
• bd76baf Generate SBOM and check for vulnerability during build (#246) (Mikaël Barbero)
• ace4d81 Delete .github/stale.yml (#266) (Thomas Neidhart)
• fcb0c72 chore: update maven wrapper and set minimum required maven version to 3.9.4 (#245) (Mikaël Barbero)
• 86edac1 Fix indentation in pom.xml. (Thomas Neidhart)

📦 Dependency updates

• 631ad42 Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.2 (#277) (dependabot[bot])
• ce51d51 Bump org.owasp:dependency-check-maven from 8.4.2 to 8.4.3 (#272) (dependabot[bot])
• 544eefb Bump com.fasterxml.jackson.core:jackson-databind from 2.15.3 to 2.16.0 (#273) (dependabot[bot])
• b5938e4 Bump org.eclipse.cbi:cbi-common from 1.4.2 to 1.4.3 (#269) (dependabot[bot])
• cef1a07 Bump the quarkus group with 1 update (#271) (dependabot[bot])
• 1518030 Bump surefire-plugin.version from 3.2.1 to 3.2.2 (#268) (dependabot[bot])
• 4d6c9ee Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 (#258) (dependabot[bot])
• 0516e9e Bump org.owasp:dependency-check-maven from 8.4.0 to 8.4.2 (#259) (dependabot[bot])
• 9a75e0e Bump com.fasterxml.jackson.core:jackson-databind from 2.13.4.2 to 2.15.3 (#261) (dependabot[bot])
• bd508fe Bump surefire-plugin.version from 3.1.2 to 3.2.1 (#260) (dependabot[bot])
• f75a319 Bump com.fasterxml.jackson.core:jackson-databind from 2.13.1 to 2.13.4.2 (#256) (dependabot[bot])
• 25564dd Bump the quarkus group with 1 update (dependabot[bot])
• cc208ca Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 (dependabot[bot])
• 83a4794 Bump the quarkus group with 1 update (dependabot[bot])
• b05592c Bump com.google.guava:guava from 32.1.2-jre to 32.1.3-jre (dependabot[bot])
• 3c9788f Bump com.squareup.okio:okio from 3.5.0 to 3.6.0 (dependabot[bot])
• 7873d20 Bump org.apache.maven.plugins:maven-artifact-plugin from 3.4.1 to 3.5.0 (dependabot[bot])
• f0f9cb9 Bump the quarkus group with 1 update (dependabot[bot])
• 7736d03 Bump the quarkus group with 1 update (dependabot[bot])

Contributors

We'd like to thank the following people for their contributions:

• Mikaël Barbero
• Thomas Neidhart (@netomi)

v1.2.0

🚀 Features

• Migrate to use notarytool instead of deprecated altool @netomi (#235)
• Atomate releases and generate slsa provenance @netomi (#240)

📦 Dependency updates

• Updated dependencies, plugins, and maven @mbarbero (#2)
• Bump cbi-common from 1.3.0-SNAPSHOT to 1.4.2 @dependabot (#178, #174, #170, #162, #145, #36, #14, #10)
• Bump okhttp from 4.9.1 to 4.11.0 @dependabot (#197, #117, #66, #53)
• Bump com.google.guava:guava from 30.1-jre to 32.1.2-jre @dependabot (#224, #215, #212, #207, #93, #55, #52, #6)
• Bump com.google.auto.value:auto-value-annotations from 1.7.4 to 1.10.4 @dependabot (#238, #229, #218, #154, #142, #73, #31, #15, #12, #7)
• Bump com.squareup.okio:okio from 2.10.0 to 3.5.0 @dependabot (#222, #219, #161, #120)
• Bump failsafe from 2.4.0 to 2.4.4 @dependabot (#51, #42, #39, #30)
• Bump moshi from 1.11.0 to 1.15.0 @dependabot (#205, #136, #72, #9)
• Bump quarkus from 1.12.0.Final to 3.4.0 @dependabot (#1, #4, #5, #8, #13, #16, #17, #18, #19, #20, #21, #22, #23, #70, #71, #74, #75, #76, #77, #81, #82, #84, #85, #129, #131, #132, #133, #134, #135, #137, #139, #140, #141, #143, #144, #146, #147, #152, #153, #155, #156, #157, #158, #159, #160, #163, #164, #165, #167, #168, #169, #172, #173, #180, #181, #182, #183, #190, #191, #192, #193, #211, #221, #223, #226, #231, #233, #236, #241)
• Bump surefire-plugin.version from 3.0.0-M4 to 3.1.2 @dependabot (#209, #201, #186, #179, #166, #116, #102, #3)
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.0.0-M3 to 3.4.1 @dependabot (#237, #232, #194, #171, #115, #35)
• Bump maven-compiler-plugin from 3.8.1 to 3.11.0 @dependabot (#184, #96, #90, #80)
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.3.0 to 3.6.0 @dependabot (#242)
• Bump maven-artifact-plugin from 3.2.0 to 3.4.1 @dependabot (#185, #176, #130)
• Bump maven-jar-plugin from 3.2.0 to 3.3.0 @dependabot (#138, #83, #79)

v1.1.0

This is the very first release of this component. 1.0.0 has never been officially released. This component stayed in 1.0.0-SNAPSHOT for a long time until we did a big upgrade jump on the main dependency (96dfdb8). Thus, it made sense to upgrade component's version, even though 1.0.0 was never released.

Release review at eclipse.org