Bump cyclonedx-maven-plugin from 2.7.8 to 2.7.9

[dependabot]

Bumps cyclonedx-maven-plugin from 2.7.8 to 2.7.9.

Release notes

Sourced from cyclonedx-maven-plugin's releases.

2.7.9

• Tidy up code (#351) @​knrc

🚀 New features and improvements

• Add a test to ensure we handle relocations, closes #289 (#360) @​knrc
• Add support for maven optionality, fixes #314 (#356) @​knrc
• Remove extra dependency collection through Mojo annotation, fixes #354 (#355) @​knrc
• support Reproducible SBOM: drop UUID and timestamp when RB mode enabled (#353) @​hboutemy

🐛 Bug Fixes

• Fix makeAggregateBom failed: Unknown constant pool type 17 (#358) @​garydgregory

📦 Dependency updates

• Bump maven-gpg-plugin from 3.0.1 to 3.1.0 (#359) @​dependabot
• Bump junit-bom from 5.9.2 to 5.9.3 (#349) @​dependabot

Commits

• 4258a68 [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.7.9
• 0deaeec Merge pull request #360 from knrc/issue-289
• 14533c9 Merge branch 'knrc-maven_optionality'
• c76fd03 rename maven.optional SBOM property to maven.optional.unused, inserted in SBO...
• 6a4ac89 Merge pull request #359 from CycloneDX/dependabot/maven/org.apache.maven.plug...
• a4ef9d6 Add a test to ensure we handle relocations, closes #289
• 508c4fa Bump maven-gpg-plugin from 3.0.1 to 3.1.0
• f23deec Add support for maven optionality, fixes #314
• 886f8ab Merge pull request #358 from garydgregory/unknown_constant_pool_type_17
• df822b0 Fix makeAggregateBom failed: Unknown constant pool type 17 by updating maven-...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.