Bump org.cyclonedx:cyclonedx-core-java from 7.3.2 to 9.0.4

[dependabot]

Bumps org.cyclonedx:cyclonedx-core-java from 7.3.2 to 9.0.4.

Release notes

Sourced from org.cyclonedx:cyclonedx-core-java's releases.

9.0.4

What's Changed

Enhancements 🚀

• Add GitHub release notes config; Remove release-drafter by @​nscuro in CycloneDX/cyclonedx-core-java#432

Bug Fixes 🐛

• Fix possible XXE during XML schema version detection by @​mr-zepol in CycloneDX/cyclonedx-core-java#434
  • See also security advisory GHSA-683x-4444-jxh8
• Fix path to jacoco.xml for PR coverage reporting by @​nscuro in CycloneDX/cyclonedx-core-java#433

Dependency Updates 🤖

• Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 by @​dependabot in CycloneDX/cyclonedx-core-java#435
• Bump com.networknt:json-schema-validator from 1.4.0 to 1.4.2 by @​dependabot in CycloneDX/cyclonedx-core-java#436

Full Changelog: CycloneDX/cyclonedx-core-java@cyclonedx-core-java-9.0.3...cyclonedx-core-java-9.0.4

cyclonedx-core-java-9.0.3

What's Changed

• Code Improvements by @​mr-zepol in CycloneDX/cyclonedx-core-java#376
• Add extensible types during license serialization by @​mr-zepol in CycloneDX/cyclonedx-core-java#414
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 by @​dependabot in CycloneDX/cyclonedx-core-java#417
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @​dependabot in CycloneDX/cyclonedx-core-java#415
• Add missing equals and hashCode by @​mr-zepol in CycloneDX/cyclonedx-core-java#419
• Bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in CycloneDX/cyclonedx-core-java#420
• Fix Evidence Serialization by @​mr-zepol in CycloneDX/cyclonedx-core-java#423
• Improve De/Serializer by @​mr-zepol in CycloneDX/cyclonedx-core-java#421
• Add Missing Annotations to filter based on spec by @​mr-zepol in CycloneDX/cyclonedx-core-java#416
• External References and Metadata Validations by @​mr-zepol in CycloneDX/cyclonedx-core-java#426
• Add CODEOWNERS file by @​nscuro in CycloneDX/cyclonedx-core-java#425
• Serializer for Properties and Hashes for backwards compatibility by @​mr-zepol in CycloneDX/cyclonedx-core-java#428
• Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 by @​dependabot in CycloneDX/cyclonedx-core-java#429
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 by @​dependabot in CycloneDX/cyclonedx-core-java#430
• CI pipeline improvements by @​nscuro in CycloneDX/cyclonedx-core-java#424
• Fix order of elements for generated SBOMs to match the specs by @​mr-zepol in CycloneDX/cyclonedx-core-java#431

Full Changelog: https://github.com/CycloneDX/cyclonedx-core-java/commits/cyclonedx-core-java-9.0.3

Commits

• d94df35 [maven-release-plugin] prepare release cyclonedx-core-java-9.0.4
• a2afc1d bump
• 8797962 Merge pull request #436 from CycloneDX/dependabot/maven/com.networknt-json-sc...
• 264aa83 Bump com.networknt:json-schema-validator from 1.4.0 to 1.4.2
• 6dfb5bb Merge pull request #435 from CycloneDX/dependabot/maven/org.apache.maven.plug...
• 5e1d3a9 Merge pull request #433 from CycloneDX/nscuro-patch-1
• a1ccc62 Merge pull request #432 from nscuro/release-notes-config
• 2a9f552 Merge pull request #434 from CycloneDX/xxe_protection
• ab0bc9c XXE Protection
• b9ff25d Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.