Merge pull request #5 from CycloneDX/master

gdgib-roche · web-flow · commit 6bdf644867d9 · 2024-04-18T09:45:48.000-07:00
Merge from upstream
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -49,7 +49,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -63,4 +63,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4.1.1
       - name: Set up JDK 8
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 8
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4.1.1
     - name: Set up JDK ${{ matrix.java-version }}
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         distribution: ${{ matrix.distro }}
         java-version: ${{ matrix.java-version }}
diff --git a/pom.xml b/pom.xml
@@ -84,11 +84,11 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- Maven Plugin Versions -->
-        <maven.cyclonedx.plugin.version>2.7.9</maven.cyclonedx.plugin.version>
-        <maven.javadoc.plugin.version>3.6.0</maven.javadoc.plugin.version>
+        <maven.cyclonedx.plugin.version>2.7.10</maven.cyclonedx.plugin.version>
+        <maven.javadoc.plugin.version>3.6.3</maven.javadoc.plugin.version>
         <maven.source.plugin.version>3.3.0</maven.source.plugin.version>
         <maven.jar.plugin.version>3.3.0</maven.jar.plugin.version>
-        <maven.github.release.plugin.version>1.4.0</maven.github.release.plugin.version>
+        <maven.github.release.plugin.version>1.6.0</maven.github.release.plugin.version>
         <project.build.outputTimestamp>2023-10-25T16:32:28Z</project.build.outputTimestamp>
     </properties>
 
@@ -166,28 +166,28 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.14.0</version>
+            <version>2.15.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.13.0</version>
+            <version>3.14.0</version>
         </dependency>
 
         <!-- Package URL -->
 
         <dependency>
             <groupId>com.github.package-url</groupId>
             <artifactId>packageurl-java</artifactId>
-            <version>1.4.1</version>
+            <version>1.5.0</version>
         </dependency>
 
         <!-- XML Parser, Generator, JSON Parser -->
 
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-xml</artifactId>
-            <version>2.15.3</version>
+            <version>2.16.1</version>
         </dependency>
 
         <!-- JSON Schema library -->
@@ -210,7 +210,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.10.0</version>
+            <version>5.10.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -291,7 +291,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.2.1</version>
+                    <version>3.2.2</version>
                 </plugin>
             </plugins>
         </pluginManagement>
diff --git a/src/main/java/org/cyclonedx/util/LicenseResolver.java b/src/main/java/org/cyclonedx/util/LicenseResolver.java
@@ -32,6 +32,8 @@
 
 public final class LicenseResolver {
 
+    private static LicenseList licenses;
+
     /**
      * Private constructor.
      */
@@ -101,9 +103,11 @@ static LicenseChoice resolve(final String licenseString, final LicenseTextSettin
     private static LicenseChoice resolveLicenseString(String licenseString, LicenseTextSettings licenseTextSettings, final ObjectMapper mapper)
         throws IOException
     {
-        final InputStream is = LicenseResolver.class.getResourceAsStream("/licenses/licenses.json");
+        if (licenses == null) {
+          final InputStream is = LicenseResolver.class.getResourceAsStream("/licenses/licenses.json");
 
-        final LicenseList licenses = mapper.readValue(is, LicenseList.class);
+          licenses = mapper.readValue(is, LicenseList.class);        
+        }
 
         if (licenses != null && licenses.licenses != null && !licenses.licenses.isEmpty()) {
             for (LicenseDetail licenseDetail : licenses.licenses) {
