Release v1.3.0

Changelog

🚀 Features

• 376b71d Use jreleaser, remove release-drafter. (#279) (Thomas Neidhart)
• 97b8c36 feat: switch prod to .146 (Mikaël Barbero)
• 57ffdc8 feat: add staging deployment configuration (Mikaël Barbero)

🧰 Maintenance

• 89a51a0 Add missing jreleaser.yml file. (Thomas Neidhart)
• 5325c11 chore: do not pin jreleaser workflow as verification will fail otherwise (Thomas Neidhart)
• 0a27fb1 chore: use v1.1.0-java of jreleaser/release-action (Thomas Neidhart)
• 5bf9209 chore: improve jreleaser labelling config (Thomas Neidhart)
• 7f1ed5a chore: add supported release for download script (Thomas Neidhart)
• 157324c chore: fix typo in README. (Thomas Neidhart)
• d4e543e chore: add download-github-release.sh script and update README (Thomas Neidhart)
• 79bc673 Replace autovalue with java records, add service tests (#254) (Thomas Neidhart)
• ca8e745 Reorganize profile wrt sbom generation; include cyclonedx plugin by default, move dependency check plugin into separate profile, upload artifacts after ci build. (#274) (Thomas Neidhart)
• bd76baf Generate SBOM and check for vulnerability during build (#246) (Mikaël Barbero)
• ace4d81 Delete .github/stale.yml (#266) (Thomas Neidhart)
• fcb0c72 chore: update maven wrapper and set minimum required maven version to 3.9.4 (#245) (Mikaël Barbero)
• 86edac1 Fix indentation in pom.xml. (Thomas Neidhart)

📦 Dependency updates

• 631ad42 Bump org.owasp:dependency-check-maven from 8.4.3 to 9.0.2 (#277) (dependabot[bot])
• ce51d51 Bump org.owasp:dependency-check-maven from 8.4.2 to 8.4.3 (#272) (dependabot[bot])
• 544eefb Bump com.fasterxml.jackson.core:jackson-databind from 2.15.3 to 2.16.0 (#273) (dependabot[bot])
• b5938e4 Bump org.eclipse.cbi:cbi-common from 1.4.2 to 1.4.3 (#269) (dependabot[bot])
• cef1a07 Bump the quarkus group with 1 update (#271) (dependabot[bot])
• 1518030 Bump surefire-plugin.version from 3.2.1 to 3.2.2 (#268) (dependabot[bot])
• 4d6c9ee Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 (#258) (dependabot[bot])
• 0516e9e Bump org.owasp:dependency-check-maven from 8.4.0 to 8.4.2 (#259) (dependabot[bot])
• 9a75e0e Bump com.fasterxml.jackson.core:jackson-databind from 2.13.4.2 to 2.15.3 (#261) (dependabot[bot])
• bd508fe Bump surefire-plugin.version from 3.1.2 to 3.2.1 (#260) (dependabot[bot])
• f75a319 Bump com.fasterxml.jackson.core:jackson-databind from 2.13.1 to 2.13.4.2 (#256) (dependabot[bot])
• 25564dd Bump the quarkus group with 1 update (dependabot[bot])
• cc208ca Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 (dependabot[bot])
• 83a4794 Bump the quarkus group with 1 update (dependabot[bot])
• b05592c Bump com.google.guava:guava from 32.1.2-jre to 32.1.3-jre (dependabot[bot])
• 3c9788f Bump com.squareup.okio:okio from 3.5.0 to 3.6.0 (dependabot[bot])
• 7873d20 Bump org.apache.maven.plugins:maven-artifact-plugin from 3.4.1 to 3.5.0 (dependabot[bot])
• f0f9cb9 Bump the quarkus group with 1 update (dependabot[bot])
• 7736d03 Bump the quarkus group with 1 update (dependabot[bot])

Contributors

We'd like to thank the following people for their contributions:

• Mikaël Barbero
• Thomas Neidhart (@netomi)

v1.2.0

🚀 Features

• Migrate to use notarytool instead of deprecated altool @netomi (#235)
• Atomate releases and generate slsa provenance @netomi (#240)

📦 Dependency updates

• Updated dependencies, plugins, and maven @mbarbero (#2)
• Bump cbi-common from 1.3.0-SNAPSHOT to 1.4.2 @dependabot (#178, #174, #170, #162, #145, #36, #14, #10)
• Bump okhttp from 4.9.1 to 4.11.0 @dependabot (#197, #117, #66, #53)
• Bump com.google.guava:guava from 30.1-jre to 32.1.2-jre @dependabot (#224, #215, #212, #207, #93, #55, #52, #6)
• Bump com.google.auto.value:auto-value-annotations from 1.7.4 to 1.10.4 @dependabot (#238, #229, #218, #154, #142, #73, #31, #15, #12, #7)
• Bump com.squareup.okio:okio from 2.10.0 to 3.5.0 @dependabot (#222, #219, #161, #120)
• Bump failsafe from 2.4.0 to 2.4.4 @dependabot (#51, #42, #39, #30)
• Bump moshi from 1.11.0 to 1.15.0 @dependabot (#205, #136, #72, #9)
• Bump quarkus from 1.12.0.Final to 3.4.0 @dependabot (#1, #4, #5, #8, #13, #16, #17, #18, #19, #20, #21, #22, #23, #70, #71, #74, #75, #76, #77, #81, #82, #84, #85, #129, #131, #132, #133, #134, #135, #137, #139, #140, #141, #143, #144, #146, #147, #152, #153, #155, #156, #157, #158, #159, #160, #163, #164, #165, #167, #168, #169, #172, #173, #180, #181, #182, #183, #190, #191, #192, #193, #211, #221, #223, #226, #231, #233, #236, #241)
• Bump surefire-plugin.version from 3.0.0-M4 to 3.1.2 @dependabot (#209, #201, #186, #179, #166, #116, #102, #3)
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.0.0-M3 to 3.4.1 @dependabot (#237, #232, #194, #171, #115, #35)
• Bump maven-compiler-plugin from 3.8.1 to 3.11.0 @dependabot (#184, #96, #90, #80)
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.3.0 to 3.6.0 @dependabot (#242)
• Bump maven-artifact-plugin from 3.2.0 to 3.4.1 @dependabot (#185, #176, #130)
• Bump maven-jar-plugin from 3.2.0 to 3.3.0 @dependabot (#138, #83, #79)

v1.1.0

This is the very first release of this component. 1.0.0 has never been officially released. This component stayed in 1.0.0-SNAPSHOT for a long time until we did a big upgrade jump on the main dependency (96dfdb8). Thus, it made sense to upgrade component's version, even though 1.0.0 was never released.

Release review at eclipse.org