Commit graph

6391 commits

Author SHA1 Message Date
dependabot[bot]
128b0b1d17
build(deps): bump org.metaeffekt.core:ae-security
Bumps org.metaeffekt.core:ae-security from 0.145.0 to 0.145.2.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.145.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-03 08:02:03 +00:00
Niklas
6cbafd3bef
Merge pull request #5367 from DependencyTrack/dependabot/maven/io.github.ascopes-protobuf-maven-plugin-3.10.0
2025-10-01 10:43:07 +02:00
Niklas
93109a5249
Merge pull request #5369 from DependencyTrack/dependabot/maven/org.metaeffekt.core-ae-security-0.145.0
2025-10-01 10:42:32 +02:00
dependabot[bot]
e130776fc9
build(deps): bump org.metaeffekt.core:ae-security
Bumps org.metaeffekt.core:ae-security from 0.144.1 to 0.145.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.145.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-01 08:02:41 +00:00
dependabot[bot]
d924b7e940
build(deps): bump io.github.ascopes:protobuf-maven-plugin
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 3.9.1 to 3.10.0.
- [Release notes](https://github.com/ascopes/protobuf-maven-plugin/releases)
- [Commits](https://github.com/ascopes/protobuf-maven-plugin/compare/v3.9.1...v3.10.0)

---
updated-dependencies:
- dependency-name: io.github.ascopes:protobuf-maven-plugin
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-01 08:01:33 +00:00
Niklas
c5baa3de4c
Merge pull request #5364 from DependencyTrack/dependabot/maven/com.icegreen-greenmail-junit5-2.1.6
2025-09-30 10:29:32 +02:00
Niklas
4346fb0573
Merge pull request #5362 from DependencyTrack/dependabot/maven/org.apache.httpcomponents.client5-httpclient5-5.5.1
2025-09-30 10:29:14 +02:00
Niklas
01e4434ad0
Merge pull request #5365 from DependencyTrack/dependabot/docker/src/main/docker/debian-d6743b7
2025-09-30 10:28:49 +02:00
Niklas
f1baf563f8
Merge pull request #5361 from DependencyTrack/dependabot/maven/org.codehaus.mojo-exec-maven-plugin-3.6.0
2025-09-30 10:27:21 +02:00
dependabot[bot]
8479debff6
build(deps): bump debian from 0c80836 to d6743b7 in /src/main/docker
Bumps debian from `0c80836` to `d6743b7`.

---
updated-dependencies:
- dependency-name: debian
  dependency-version: stable-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-30 08:04:10 +00:00
dependabot[bot]
0a4f065615
build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.5 to 2.1.6
Bumps [com.icegreen:greenmail-junit5](https://github.com/greenmail-mail-test/greenmail) from 2.1.5 to 2.1.6.
- [Release notes](https://github.com/greenmail-mail-test/greenmail/releases)
- [Commits](https://github.com/greenmail-mail-test/greenmail/compare/release-2.1.5...release-2.1.6)

---
updated-dependencies:
- dependency-name: com.icegreen:greenmail-junit5
  dependency-version: 2.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-30 08:02:49 +00:00
dependabot[bot]
bff326eead
build(deps): bump org.apache.httpcomponents.client5:httpclient5
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5 to 5.5.1.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.5.1/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5...rel/v5.5.1)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-30 08:02:08 +00:00
dependabot[bot]
2034596898
build(deps): bump org.codehaus.mojo:exec-maven-plugin
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/3.5.1...3.6.0)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-30 08:01:50 +00:00
Niklas
2e3476aae6
Merge pull request #5310 from stohrendorf/issue-5284
2025-09-29 15:33:38 +02:00
Niklas
760250061e
Merge pull request #5347 from DependencyTrack/dependabot/maven/com.google.cloud.sql-mysql-socket-factory-connector-j-8-1.25.3
2025-09-29 15:06:00 +02:00
dependabot[bot]
395fb8a738
build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8
Bumps com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.24.1 to 1.25.3.

---
updated-dependencies:
- dependency-name: com.google.cloud.sql:mysql-socket-factory-connector-j-8
  dependency-version: 1.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 12:41:13 +00:00
Niklas
c4752dba98
Merge pull request #5340 from DependencyTrack/dependabot/github_actions/github/codeql-action-3.30.5
2025-09-29 12:27:11 +02:00
Niklas
428845493d
Merge pull request #5345 from DependencyTrack/dependabot/github_actions/actions/dependency-review-action-4.8.0
2025-09-29 12:26:16 +02:00
Niklas
32a996619b
Merge pull request #5344 from DependencyTrack/dependabot/maven/com.puppycrawl.tools-checkstyle-11.1.0
2025-09-29 12:24:48 +02:00
dependabot[bot]
0c4bb92f60
build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.3 to 4.8.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](595b5aeba7...56339e523c)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 09:58:19 +00:00
dependabot[bot]
599425f729
build(deps): bump com.puppycrawl.tools:checkstyle from 11.0.1 to 11.1.0
Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 11.0.1 to 11.1.0.
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-11.0.1...checkstyle-11.1.0)

---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 09:58:18 +00:00
dependabot[bot]
f316bb98b7
build(deps): bump github/codeql-action from 3.30.3 to 3.30.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](192325c861...3599b3baa1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 09:31:43 +00:00
Niklas
9324e7bdbc
Merge pull request #5338 from nscuro/bump-license-list-3.27.0
2025-09-29 11:22:41 +02:00
Niklas
72ea155728
Merge pull request #5337 from nscuro/bump-alpine.3.3.0
2025-09-29 11:15:16 +02:00
nscuro
5bbd639992
Bump SPDX license list to 3.27.0
Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 11:06:59 +02:00
nscuro
95f81535a0
Fix BOM generation being skipped when not running deploy goal
Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 10:59:58 +02:00
nscuro
4fd419b658
Remove watchdog property
The watchdog logger feature has been removed in Alpine 3.3.0.

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 10:54:28 +02:00
nscuro
c8381ec19f
Remove redundantly managed commons-lang3 version
The newest version now comes in via `alpine-common`.

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 10:51:31 +02:00
nscuro
5fd23fe72e
Switch to wiremock-standalone
To prevent it from interfering with our Jetty dependencies, or conversely being interfered with by the dependency versions defined by Alpine.

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 10:50:36 +02:00
nscuro
9d3a0a441a
Bump Alpine to 3.3.0
Fixes https://github.com/DependencyTrack/dependency-track/issues/5021

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 10:43:00 +02:00
Niklas
ebf302bec4
Merge pull request #5336 from nscuro/cdx-core-java-11
2025-09-29 10:19:52 +02:00
nscuro
540ab1a7e4
Bump cyclonedx-core-java to 11.0.0
Fixes https://github.com/DependencyTrack/dependency-track/issues/5272
Fixes https://github.com/DependencyTrack/dependency-track/issues/4908

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-29 09:45:54 +02:00
Niklas
20c9ebb98b
Merge pull request #5334 from nscuro/java-25-image
2025-09-28 18:44:48 +02:00
Niklas
a04b89ddca
Merge pull request #5315 from DependencyTrack/dependabot/maven/lib.resilience4j.version-2.3.0
2025-09-28 18:44:25 +02:00
dependabot[bot]
0978b813f8
build(deps): bump lib.resilience4j.version from 2.2.0 to 2.3.0
Bumps `lib.resilience4j.version` from 2.2.0 to 2.3.0.

Updates `io.github.resilience4j:resilience4j-retry` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/resilience4j/resilience4j/releases)
- [Changelog](https://github.com/resilience4j/resilience4j/blob/master/RELEASENOTES.adoc)
- [Commits](https://github.com/resilience4j/resilience4j/compare/v2.2.0...v2.3.0)

Updates `io.github.resilience4j:resilience4j-ratelimiter` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/resilience4j/resilience4j/releases)
- [Changelog](https://github.com/resilience4j/resilience4j/blob/master/RELEASENOTES.adoc)
- [Commits](https://github.com/resilience4j/resilience4j/compare/v2.2.0...v2.3.0)

Updates `io.github.resilience4j:resilience4j-micrometer` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/resilience4j/resilience4j/releases)
- [Changelog](https://github.com/resilience4j/resilience4j/blob/master/RELEASENOTES.adoc)
- [Commits](https://github.com/resilience4j/resilience4j/compare/v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: io.github.resilience4j:resilience4j-retry
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.github.resilience4j:resilience4j-ratelimiter
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.github.resilience4j:resilience4j-micrometer
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-28 14:38:00 +00:00
Niklas
86f35b47e9
Merge pull request #5317 from DependencyTrack/dependabot/maven/com.google.cloud.sql-postgres-socket-factory-1.25.3
2025-09-28 16:37:31 +02:00
nscuro
09c493adf5
Bump container images to Java 25
Updates the JDK and JRE used to build the container images to Java 25, and enables the compact object headers feature (https://openjdk.org/jeps/519) for reduced CPU and memory overhead.

We will continue to build and test the application itself against Java 21 for the time being, and it will continue to be executable on Java 21 as well. This change purely affects the default image we distribute.

Signed-off-by: nscuro <nscuro@protonmail.com>
2025-09-28 16:35:18 +02:00
Niklas
a9de0db406
Merge pull request #5324 from DependencyTrack/dependabot/maven/org.eclipse.angus-angus-mail-2.0.5
2025-09-28 16:11:56 +02:00
dependabot[bot]
46b9d6ad0e
build(deps): bump org.eclipse.angus:angus-mail from 2.0.4 to 2.0.5
Bumps [org.eclipse.angus:angus-mail](https://github.com/eclipse-ee4j/angus-mail) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/eclipse-ee4j/angus-mail/releases)
- [Commits](https://github.com/eclipse-ee4j/angus-mail/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: org.eclipse.angus:angus-mail
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-24 08:02:41 +00:00
Niklas
d5ad7da25e
Merge pull request #5323 from jonbally/fix-5322
2025-09-24 09:35:39 +02:00
jonbally
52a8be249c
Implemented check for empty timestamp files
In the rare case that a timestamp file (.ts) is empty due to a
crash or other ungraceful shutdown, the affected file will be
read and parsed, which causes an exception to be thrown. This
would happen every time the task runs and thus not self-correct.
This fix will make sure the empty/corrupted .ts files are
overwritten and the corresponding file is reacquired.

Signed-off-by: jonbally <19593213+jonbally@users.noreply.github.com>
2025-09-23 23:54:54 +02:00
Steffen Ohrendorf
91754d2e77
download OSV mirror files to temp files to keep connection lifetime short
Signed-off-by: Steffen Ohrendorf <steffen.ohrendorf@gmx.de>
2025-09-23 18:31:18 +02:00
Niklas
60e0699b93
Merge pull request #5320 from DependencyTrack/dependabot/maven/io.swagger.parser.v3-swagger-parser-2.1.34
2025-09-23 10:41:59 +02:00
dependabot[bot]
db5de0706b
build(deps-dev): bump io.swagger.parser.v3:swagger-parser
Bumps [io.swagger.parser.v3:swagger-parser](https://github.com/swagger-api/swagger-parser) from 2.1.25 to 2.1.34.
- [Release notes](https://github.com/swagger-api/swagger-parser/releases)
- [Commits](https://github.com/swagger-api/swagger-parser/compare/v2.1.25...v2.1.34)

---
updated-dependencies:
- dependency-name: io.swagger.parser.v3:swagger-parser
  dependency-version: 2.1.34
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-23 08:02:12 +00:00
Anant Kurapati
b5b9ed6942
Add Support for CycloneDX Scope Data (#5224)
2025-09-22 14:38:31 +02:00
Niklas
822d7201db
Merge pull request #5316 from DependencyTrack/dependabot/maven/org.postgresql-postgresql-42.7.8
2025-09-22 10:24:08 +02:00
dependabot[bot]
13fed0320a
build(deps): bump com.google.cloud.sql:postgres-socket-factory
Bumps com.google.cloud.sql:postgres-socket-factory from 1.24.1 to 1.25.3.

---
updated-dependencies:
- dependency-name: com.google.cloud.sql:postgres-socket-factory
  dependency-version: 1.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 08:13:29 +00:00
dependabot[bot]
3b53d83b03
build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.7 to 42.7.8.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.7.7...REL42.7.8)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 08:12:52 +00:00
Niklas
c4591456e1
Merge pull request #5306 from DependencyTrack/dependabot/maven/org.metaeffekt.core-ae-security-0.144.1
2025-09-22 09:59:10 +02:00
Niklas
648624f7bc
Merge pull request #5312 from DependencyTrack/dependabot/maven/com.puppycrawl.tools-checkstyle-11.0.1
2025-09-22 09:58:52 +02:00