Stowage/dependency-track
2
0
Fork 0
mirror of https://github.com/DependencyTrack/dependency-track.git synced 2025-12-08 06:09:51 +00:00
Code Issues Projects Releases Packages Wiki Activity
6574 commits 61 branches 81 tags 126 MiB
Commit graph

6574 commits

This branch
This branch
All branches
Author SHA1 Message Date
Niklas
2139692d06
Merge pull request #5599 from DependencyTrack/dependabot/maven/io.swagger.parser.v3-swagger-parser-2.1.36 2025-12-05 14:10:46 +01:00
Niklas
3e4778f2d8
Merge pull request #5598 from DependencyTrack/dependabot/maven/io.github.ascopes-protobuf-maven-plugin-4.0.3 2025-12-05 14:10:08 +01:00
dependabot[bot]
82a66fda65
build(deps-dev): bump io.swagger.parser.v3:swagger-parser 
Bumps [io.swagger.parser.v3:swagger-parser](https://github.com/swagger-api/swagger-parser) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/swagger-api/swagger-parser/releases)
- [Commits](https://github.com/swagger-api/swagger-parser/compare/v2.1.35...v2.1.36)

---
updated-dependencies:
- dependency-name: io.swagger.parser.v3:swagger-parser
  dependency-version: 2.1.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-05 08:01:24 +00:00
dependabot[bot]
e0594f4a0b
build(deps): bump io.github.ascopes:protobuf-maven-plugin 
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/ascopes/protobuf-maven-plugin/releases)
- [Commits](https://github.com/ascopes/protobuf-maven-plugin/compare/v4.0.2...v4.0.3)

---
updated-dependencies:
- dependency-name: io.github.ascopes:protobuf-maven-plugin
  dependency-version: 4.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-05 08:01:17 +00:00
Niklas
2b67f6b552
Merge pull request #5579 from DependencyTrack/dependabot/maven/org.metaeffekt.core-ae-security-0.149.0 2025-12-04 12:18:18 +01:00
Niklas
979e4918f8
Merge pull request #5588 from DependencyTrack/dependabot/maven/com.puppycrawl.tools-checkstyle-12.2.0 2025-12-04 12:17:58 +01:00
Niklas
22721249f8
Merge pull request #5592 from DependencyTrack/dependabot/docker/src/main/docker/alpine-3.23 2025-12-04 12:17:16 +01:00
dependabot[bot]
91a016efad
build(deps): bump alpine from 3.22 to 3.23 in /src/main/docker 
Bumps alpine from 3.22 to 3.23.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: '3.23'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-04 08:03:30 +00:00
dependabot[bot]
2fd16ded1f
build(deps): bump com.puppycrawl.tools:checkstyle from 12.1.2 to 12.2.0 
Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 12.1.2 to 12.2.0.
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-12.1.2...checkstyle-12.2.0)

---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-02 08:01:21 +00:00
Niklas
e822f43c1c
Merge pull request #5585 from DependencyTrack/dependabot/github_actions/github/codeql-action-4.31.5 2025-12-01 11:59:34 +01:00
Niklas
dba28ab88e
Merge pull request #5580 from DependencyTrack/dependabot/maven/io.pebbletemplates-pebble-4.0.0 2025-12-01 11:59:17 +01:00
dependabot[bot]
6e43d73989
build(deps): bump github/codeql-action from 4.31.4 to 4.31.5 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.4 to 4.31.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e12f017898...fdbfb4d275)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 09:00:03 +00:00
dependabot[bot]
2ba24746a6
build(deps): bump io.pebbletemplates:pebble from 3.2.4 to 4.0.0 
Bumps [io.pebbletemplates:pebble](https://github.com/PebbleTemplates/pebble) from 3.2.4 to 4.0.0.
- [Release notes](https://github.com/PebbleTemplates/pebble/releases)
- [Commits](https://github.com/PebbleTemplates/pebble/compare/3.2.4...4.0.0)

---
updated-dependencies:
- dependency-name: io.pebbletemplates:pebble
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-28 08:01:25 +00:00
dependabot[bot]
ae2aa38631
build(deps): bump org.metaeffekt.core:ae-security 
Bumps org.metaeffekt.core:ae-security from 0.148.0 to 0.149.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.149.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-28 08:01:13 +00:00
Niklas
01847b79fd
Merge pull request #5574 from snieguu/5561 2025-11-27 11:11:14 +01:00
Niklas
28a842d959
Merge pull request #5562 from DependencyTrack/dependabot/maven/net.javacrumbs.json-unit-json-unit-assertj-5.1.0 2025-11-27 11:09:13 +01:00
Niklas
873d27b7eb
Merge pull request #5563 from DependencyTrack/dependabot/docker/src/main/docker/debian-7cb087f 2025-11-27 11:08:52 +01:00
Niklas
dd6b42ded5
Merge pull request #5571 from DependencyTrack/dependabot/maven/org.metaeffekt.core-ae-security-0.148.0 2025-11-27 11:07:43 +01:00
Niklas
0ac93bf0e3
Merge pull request #5572 from DependencyTrack/dependabot/github_actions/github/codeql-action-4.31.4 2025-11-27 11:07:25 +01:00
Niklas
89b5066773
Merge pull request #5573 from DependencyTrack/dependabot/github_actions/actions/checkout-6.0.0 2025-11-27 11:07:10 +01:00
Damian Sniezek
4a34de67ac fix: add correct UTF-8 encoding to notification payload 
Signed-off-by: Damian Sniezek <snieguu@gmail.com>
 2025-11-24 13:20:05 +01:00
dependabot[bot]
bed646980e
build(deps): bump actions/checkout from 5.0.0 to 6.0.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 08:02:32 +00:00
dependabot[bot]
d6a1a7ffaa
build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](014f16e7ab...e12f017898)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 08:02:26 +00:00
dependabot[bot]
9d17f9279c
build(deps): bump org.metaeffekt.core:ae-security 
Bumps org.metaeffekt.core:ae-security from 0.147.0 to 0.148.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.148.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 08:01:48 +00:00
dependabot[bot]
87609fe115
build(deps): bump debian from 067a7e8 to 7cb087f in /src/main/docker 
Bumps debian from `067a7e8` to `7cb087f`.

---
updated-dependencies:
- dependency-name: debian
  dependency-version: stable-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 08:03:27 +00:00
dependabot[bot]
7c9699334a
build(deps-dev): bump net.javacrumbs.json-unit:json-unit-assertj 
Bumps [net.javacrumbs.json-unit:json-unit-assertj](https://github.com/lukas-krecan/JsonUnit) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/lukas-krecan/JsonUnit/blob/master/RELEASES.md)
- [Commits](https://github.com/lukas-krecan/JsonUnit/compare/json-unit-parent-5.0.0...json-unit-parent-5.1.0)

---
updated-dependencies:
- dependency-name: net.javacrumbs.json-unit:json-unit-assertj
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 08:01:17 +00:00
Niklas
1500ad3de4
Merge pull request #5552 from DependencyTrack/dependabot/maven/org.eclipse.jetty.ee10-jetty-ee10-maven-plugin-12.1.4 2025-11-19 13:32:27 +01:00
Niklas
2a0aab60b0
Merge pull request #5553 from DependencyTrack/dependabot/docker/src/main/docker/debian-067a7e8 2025-11-19 13:32:10 +01:00
dependabot[bot]
ad7eae6c46
build(deps): bump debian from e024987 to 067a7e8 in /src/main/docker 
Bumps debian from `e024987` to `067a7e8`.

---
updated-dependencies:
- dependency-name: debian
  dependency-version: stable-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-18 08:05:04 +00:00
dependabot[bot]
9ee678a21d
build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin 
Bumps org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.3 to 12.1.4.

---
updated-dependencies:
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-maven-plugin
  dependency-version: 12.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-18 08:01:46 +00:00
Niklas
e376b5a984
Update versions in issue template for defects 
Signed-off-by: Niklas <nscuro@protonmail.com>
 2025-11-17 09:55:10 +01:00
Niklas
38f140e732
Add changelog for v4.13.6 
Signed-off-by: Niklas <nscuro@protonmail.com>
 2025-11-17 09:54:30 +01:00
Niklas
7d4236072f
Merge pull request #5540 from nscuro/bump-frontend-4.13.6 2025-11-17 09:16:50 +01:00
Niklas
8c8e1ae0d3
Merge pull request #5541 from DependencyTrack/dependabot/maven/io.github.jeremylong-open-vulnerability-clients-9.0.2 2025-11-17 09:13:59 +01:00
Niklas
81f1442778
Merge pull request #5542 from DependencyTrack/dependabot/maven/lib.alpine.version-3.4.0 2025-11-17 09:13:38 +01:00
Niklas
7e81701a4e
Merge pull request #5543 from DependencyTrack/dependabot/github_actions/actions/dependency-review-action-4.8.2 2025-11-17 09:12:59 +01:00
Niklas
a0b8c07fdd
Merge pull request #5544 from DependencyTrack/dependabot/github_actions/github/codeql-action-4.31.3 2025-11-17 09:12:50 +01:00
dependabot[bot]
dbdbfbbf77
build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...014f16e7ab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-17 08:02:39 +00:00
dependabot[bot]
f11b551efb
build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.1 to 4.8.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](40c09b7dc9...3c4e3dcb1a)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-17 08:02:30 +00:00
dependabot[bot]
3f8b49e0d3
build(deps): bump lib.alpine.version from 3.3.0 to 3.4.0 
Bumps `lib.alpine.version` from 3.3.0 to 3.4.0.

Updates `us.springett:alpine-common` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-model` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-infra` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-server` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

---
updated-dependencies:
- dependency-name: us.springett:alpine-common
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-model
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-infra
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-server
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-17 08:01:48 +00:00
dependabot[bot]
010e43e5ed
build(deps): bump io.github.jeremylong:open-vulnerability-clients 
Bumps [io.github.jeremylong:open-vulnerability-clients](https://github.com/jeremylong/open-vulnerability-clients) from 9.0.1 to 9.0.2.
- [Release notes](https://github.com/jeremylong/open-vulnerability-clients/releases)
- [Commits](https://github.com/jeremylong/open-vulnerability-clients/compare/v9.0.1...v9.0.2)

---
updated-dependencies:
- dependency-name: io.github.jeremylong:open-vulnerability-clients
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-17 08:01:32 +00:00
nscuro
3f5f5b2f18
Bump bundled frontend to 4.13.6 
Signed-off-by: nscuro <nscuro@protonmail.com>
 2025-11-17 09:00:18 +01:00
Niklas
2e0acd740d
Merge pull request #5525 from DependencyTrack/dependabot/maven/org.testcontainers-testcontainers-2.0.2 2025-11-14 10:46:25 +01:00
Niklas
2c934c56ef
Merge pull request #5526 from DependencyTrack/dependabot/docker/src/main/docker/eclipse-temurin-1f12ca3 2025-11-14 10:46:05 +01:00
Niklas
b05318171e
Merge pull request #5524 from DependencyTrack/dependabot/maven/lib.protobuf-java.version-4.33.1 2025-11-14 10:45:11 +01:00
dependabot[bot]
750e1279e7
build(deps): bump eclipse-temurin in /src/main/docker 
Bumps eclipse-temurin from `9292ea0` to `1f12ca3`.

---
updated-dependencies:
- dependency-name: eclipse-temurin
  dependency-version: 25.0.1_8-jdk-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-14 08:03:35 +00:00
dependabot[bot]
33b92c3676
build(deps-dev): bump org.testcontainers:testcontainers 
Bumps [org.testcontainers:testcontainers](https://github.com/testcontainers/testcontainers-java) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testcontainers/testcontainers-java/compare/2.0.1...2.0.2)

---
updated-dependencies:
- dependency-name: org.testcontainers:testcontainers
  dependency-version: 2.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-14 08:02:21 +00:00
dependabot[bot]
48feb436f2
build(deps): bump lib.protobuf-java.version from 4.33.0 to 4.33.1 
Bumps `lib.protobuf-java.version` from 4.33.0 to 4.33.1.

Updates `com.google.protobuf:protobuf-java` from 4.33.0 to 4.33.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `com.google.protobuf:protobuf-java-util` from 4.33.0 to 4.33.1

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
  dependency-version: 4.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.protobuf:protobuf-java-util
  dependency-version: 4.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-14 08:02:04 +00:00
Niklas
fa1eb0bb4c
Merge pull request #5505 from DependencyTrack/dependabot/maven/us.springett-cpe-parser-3.0.1 2025-11-13 12:20:20 +01:00
Niklas
74ad692c7d
Merge pull request #5514 from DependencyTrack/dependabot/maven/com.puppycrawl.tools-checkstyle-12.1.2 2025-11-13 12:15:13 +01:00