Upgrade to CycloneDX version 1.6

[XSpielinbox]

Version 1.6 of the CycloneDX spec has been released on 09 April 2024.

The spec is available at https://cyclonedx.org/docs/1.6/json/

[hboutemy]

requires CycloneDX/cyclonedx-core-java#392

[VinodAnandan]

@XSpielinbox @hboutemy The CycloneDX Core Java version 9.00 has been released with CycloneDX 1.6 support, thanks to @mr-zepol, @stevespringett, and @nscuro for their help with this.

https://github.com/CycloneDX/cyclonedx-core-java/releases/tag/cyclonedx-core-java-9.0.0

[msymons]

A heads-up wrt progressing further.

cyclonedx-core-java v9.0.0 has had this issue reported: CycloneDX/cyclonedx-core-java/issues/409

It is being worked on with a fix due ASAP (thanks to @mr-zepol).

So, suggest it will be cyclonedx-core-java v9.0.1 that will be needed in order to unlock being able to add support for CycloneDX 1.6 in the maven plugin.

[msymons]

@hboutemy, with the release of cyclonedx-core-java v9.0.2 that addresses validation failures, things should now be unblocked, allowing support for CycloneDX 1.6 to be added to the maven plugin.

[hboutemy]

@msymons ok
is there any update to the generated content we should do while changing the dependency version? Or is it just about generating a new "1.6" value to the version field?