From f6d5cf35320f5268aca713156cf62a0336b219e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 14:38:56 +0000 Subject: [PATCH 1/4] Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.21.2 to 1.22.1. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md) - [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.21.2...jsoup-1.22.1) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-version: 1.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 83613ed2..5020f1e2 100644 --- a/pom.xml +++ b/pom.xml @@ -121,7 +121,7 @@ org.jsoup jsoup - 1.21.2 + 1.22.1 com.google.code.findbugs From 5c374105eb5e3068bd941f7df38224c3c3b56a62 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 13:24:42 +0000 Subject: [PATCH 2/4] Bump org.sonatype.central:central-publishing-maven-plugin Bumps [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) from 0.9.0 to 0.10.0. - [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits) --- updated-dependencies: - dependency-name: org.sonatype.central:central-publishing-maven-plugin dependency-version: 0.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5020f1e2..d06c95bd 100644 --- a/pom.xml +++ b/pom.xml @@ -206,7 +206,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.9.0 + 0.10.0 true central 
From ad0c83f594ceae57a9cc14d5415e5ec17c3f9606 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 13:24:31 +0000 Subject: [PATCH 3/4] Bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.1.9 to 12.2.0. - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d06c95bd..7edf9393 100644 --- a/pom.xml +++ b/pom.xml @@ -41,7 +41,7 @@ https://sonarcloud.io spdx java-spdx-library - 12.1.9 + 12.2.0 From 25dbbdcb88a7cf08cdc12f090453d3e8a6230983 Mon Sep 17 00:00:00 2001 From: aniruth37 Date: Thu, 5 Feb 2026 00:02:38 +0530 Subject: [PATCH 4/4] fix: add creator comment field in Spdx2to3converter --- .../java/org/spdx/library/conversion/Spdx2to3Converter.java | 1 + .../org/spdx/library/conversion/Spdx2to3ConverterTest.java | 3 +++ 2 files changed, 4 insertions(+) diff --git a/src/main/java/org/spdx/library/conversion/Spdx2to3Converter.java b/src/main/java/org/spdx/library/conversion/Spdx2to3Converter.java index 52241283..0bb9a0ad 100644 --- a/src/main/java/org/spdx/library/conversion/Spdx2to3Converter.java +++ b/src/main/java/org/spdx/library/conversion/Spdx2to3Converter.java 
@@ -315,6 +315,7 @@ public static CreationInfo convertCreationInfo(
 CreationInfo retval = new CreationInfo.CreationInfoBuilder(modelStore, modelStore.getNextId(IdType.Anonymous), null)
 .setCreated(creationInfoV2.getCreated())
 .setSpecVersion(SpdxConstantsV3.MODEL_SPEC_VERSION)
+ .setComment(creationInfoV2.getComment().orElse(null))
 .build();
 retval.setIdPrefix(uriPrefix);
 for (String docCreator:creationInfoV2.getCreators()) {
diff --git a/src/test/java/org/spdx/library/conversion/Spdx2to3ConverterTest.java b/src/test/java/org/spdx/library/conversion/Spdx2to3ConverterTest.java
index 310e075c..3675e0df 100644
--- a/src/test/java/org/spdx/library/conversion/Spdx2to3ConverterTest.java
+++ b/src/test/java/org/spdx/library/conversion/Spdx2to3ConverterTest.java
@@ -137,12 +137,14 @@ public void testConvertCreationInfo() throws InvalidSPDXAnalysisException {
 String organizationCreatorName = "Source Auditor Inc.";
 String organizationCreator = SpdxConstantsCompatV2.CREATOR_PREFIX_ORGANIZATION + organizationCreatorName;
 String created = "2010-01-29T18:30:22Z";
+ String comment = "Test creation info comment";
 String licenseListVersion = "3.21";
 SpdxCreatorInformation creatorInfo = new SpdxCreatorInformation(fromModelStore, DOCUMENT_URI, creatorId, copyManager, true);
 creatorInfo.getCreators().add(personCreator);
 creatorInfo.getCreators().add(toolCreator);
 creatorInfo.getCreators().add(organizationCreator);
 creatorInfo.setCreated(created);
+ creatorInfo.setComment(comment);
 creatorInfo.setLicenseListVersion(licenseListVersion);
 List verify = creatorInfo.verify();
 assertTrue(verify.isEmpty());
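Review bot: In Spdx2to3Converter.java, the added `.setComment(creationInfoV2.getComment().orElse(null))` passes a literal null to the builder whenever the SPDX 2 creation info has no comment, and nothing in this hunk shows that `CreationInfoBuilder.setComment` accepts null. If it does, a short comment above the call would record that this is deliberate, for example `// creator comment is optional free text from the source document; copied verbatim, null when absent`. The value comes straight from the converted document, which may be untrusted, so the comment should also make clear that it is carried over without normalisation. The body of convertCreationInfo starts and ends outside the hunk.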
@@ -173,6 +175,7 @@ public void testConvertCreationInfo() throws InvalidSPDXAnalysisException {
 assertEquals(1, tools.length);
 assertEquals(toolCreatorName, tools[0].getName().get());
 assertEquals(created, result.getCreated());
+ assertEquals(comment, result.getComment().orElse(null));
 assertEquals(IdType.Anonymous, toModelStore.getIdType(result.getObjectUri()));
 verify = result.verify();
 assertTrue(verify.isEmpty());
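Review bot: The new assertion `assertEquals(comment, result.getComment().orElse(null));` only covers a source document that has a creator comment. The `orElse(null)` path in convertCreationInfo, where the SPDX 2 creation info carries no comment, is not exercised by testConvertCreationInfo. A second case that skips `creatorInfo.setComment(comment)` and checks `assertFalse(result.getComment().isPresent());` followed by `assertTrue(result.verify().isEmpty());` would pin the absent-comment behaviour. The test method starts and ends outside this hunk; its setup lines are in the preceding hunk at -137,12.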