Bump cyclonedx-core-java from 5.0.4 to 7.1.0

[dependabot]

Bumps cyclonedx-core-java from 5.0.4 to 7.1.0.

Changelog

Sourced from cyclonedx-core-java's changelog.

[7.1.0] - 2022-02-24

Added

• CHANGELOG.md, due to increasing major releases, a change log has been added to help further elaborate on why a release occurred, when, and major points related to it.

Removed

• PropertiesDeserializer.java and the associated test contributed from Lockheed Martin. The changed was predicated by a license header that is incompatible with the Apache 2.0 License, and causing some consumers grief. More at the issue where this was reported. Of note, a major release was skipped as this functionality was controlled by a property, and had to be opted in to.

[7.0.0] - 2022-02-22

Changed

• toJsonObject was changed to toJsonNode, removing a dependency on org.glassfish json-api, as well as javax json-api. This was done because those dependencies are GPLv2 with Classpath Exception, and while they can be likely used with minimal grief, they still raise eyebrows due to the license being associated with GPLv2. This method was modified to return the Jackson equivalent of JsonObject.

[6.0.0] - 2022-02-16

Added

• Support for CycloneDX 1.4 Schema in XML, JSON and protobuf (schema only for protobuf).
• Notable support of vulnerabilities object, previously an extension. Limited support for the extension left in place.

Commits

• d725a98 [maven-release-plugin] prepare release cyclonedx-core-java-7.1.0
• 401e562 Bump to SNAPSHOT
• 7bc8cd5 Remove PropertyDeserializer (#179)
• 1b65a7b [maven-release-plugin] prepare for next development iteration
• 64a7fd3 [maven-release-plugin] prepare release cyclonedx-core-java-7.0.0
• e0780b8 Update to include SNAPSHOT
• 55377ca Use JsonNode instead of JsonObject for JSON as an object type things (#176)
• 81da549 [maven-release-plugin] prepare for next development iteration
• db418d9 [maven-release-plugin] prepare release cyclonedx-core-java-6.0.0
• 18fd042 Added developers section
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #25.