Commit graph

6561 commits

Author SHA1 Message Date
dependabot[bot]
6e43d73989
build(deps): bump github/codeql-action from 4.31.4 to 4.31.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.4 to 4.31.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e12f017898...fdbfb4d275)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 09:00:03 +00:00
Niklas
01847b79fd
Merge pull request #5574 from snieguu/5561 2025-11-27 11:11:14 +01:00
Niklas
28a842d959
Merge pull request #5562 from DependencyTrack/dependabot/maven/net.javacrumbs.json-unit-json-unit-assertj-5.1.0 2025-11-27 11:09:13 +01:00
Niklas
873d27b7eb
Merge pull request #5563 from DependencyTrack/dependabot/docker/src/main/docker/debian-7cb087f 2025-11-27 11:08:52 +01:00
Niklas
dd6b42ded5
Merge pull request #5571 from DependencyTrack/dependabot/maven/org.metaeffekt.core-ae-security-0.148.0 2025-11-27 11:07:43 +01:00
Niklas
0ac93bf0e3
Merge pull request #5572 from DependencyTrack/dependabot/github_actions/github/codeql-action-4.31.4 2025-11-27 11:07:25 +01:00
Niklas
89b5066773
Merge pull request #5573 from DependencyTrack/dependabot/github_actions/actions/checkout-6.0.0 2025-11-27 11:07:10 +01:00
Damian Sniezek
4a34de67ac
fix: add correct UTF-8 encoding to notification payload
Signed-off-by: Damian Sniezek <snieguu@gmail.com>
2025-11-24 13:20:05 +01:00
dependabot[bot]
bed646980e
build(deps): bump actions/checkout from 5.0.0 to 6.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 08:02:32 +00:00
dependabot[bot]
d6a1a7ffaa
build(deps): bump github/codeql-action from 4.31.3 to 4.31.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](014f16e7ab...e12f017898)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 08:02:26 +00:00
dependabot[bot]
9d17f9279c
build(deps): bump org.metaeffekt.core:ae-security
Bumps org.metaeffekt.core:ae-security from 0.147.0 to 0.148.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.148.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 08:01:48 +00:00
dependabot[bot]
87609fe115
build(deps): bump debian from 067a7e8 to 7cb087f in /src/main/docker
Bumps debian from `067a7e8` to `7cb087f`.

---
updated-dependencies:
- dependency-name: debian
  dependency-version: stable-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-20 08:03:27 +00:00
dependabot[bot]
7c9699334a
build(deps-dev): bump net.javacrumbs.json-unit:json-unit-assertj
Bumps [net.javacrumbs.json-unit:json-unit-assertj](https://github.com/lukas-krecan/JsonUnit) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/lukas-krecan/JsonUnit/blob/master/RELEASES.md)
- [Commits](https://github.com/lukas-krecan/JsonUnit/compare/json-unit-parent-5.0.0...json-unit-parent-5.1.0)

---
updated-dependencies:
- dependency-name: net.javacrumbs.json-unit:json-unit-assertj
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-20 08:01:17 +00:00
Niklas
1500ad3de4
Merge pull request #5552 from DependencyTrack/dependabot/maven/org.eclipse.jetty.ee10-jetty-ee10-maven-plugin-12.1.4 2025-11-19 13:32:27 +01:00
Niklas
2a0aab60b0
Merge pull request #5553 from DependencyTrack/dependabot/docker/src/main/docker/debian-067a7e8 2025-11-19 13:32:10 +01:00
dependabot[bot]
ad7eae6c46
build(deps): bump debian from e024987 to 067a7e8 in /src/main/docker
Bumps debian from `e024987` to `067a7e8`.

---
updated-dependencies:
- dependency-name: debian
  dependency-version: stable-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-18 08:05:04 +00:00
dependabot[bot]
9ee678a21d
build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin
Bumps org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.3 to 12.1.4.

---
updated-dependencies:
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-maven-plugin
  dependency-version: 12.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-18 08:01:46 +00:00
Niklas
e376b5a984
Update versions in issue template for defects
Signed-off-by: Niklas <nscuro@protonmail.com>
2025-11-17 09:55:10 +01:00
Niklas
38f140e732
Add changelog for v4.13.6
Signed-off-by: Niklas <nscuro@protonmail.com>
2025-11-17 09:54:30 +01:00
Niklas
7d4236072f
Merge pull request #5540 from nscuro/bump-frontend-4.13.6 2025-11-17 09:16:50 +01:00
Niklas
8c8e1ae0d3
Merge pull request #5541 from DependencyTrack/dependabot/maven/io.github.jeremylong-open-vulnerability-clients-9.0.2 2025-11-17 09:13:59 +01:00
Niklas
81f1442778
Merge pull request #5542 from DependencyTrack/dependabot/maven/lib.alpine.version-3.4.0 2025-11-17 09:13:38 +01:00
Niklas
7e81701a4e
Merge pull request #5543 from DependencyTrack/dependabot/github_actions/actions/dependency-review-action-4.8.2 2025-11-17 09:12:59 +01:00
Niklas
a0b8c07fdd
Merge pull request #5544 from DependencyTrack/dependabot/github_actions/github/codeql-action-4.31.3 2025-11-17 09:12:50 +01:00
dependabot[bot]
dbdbfbbf77
build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...014f16e7ab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 08:02:39 +00:00
dependabot[bot]
f11b551efb
build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.1 to 4.8.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](40c09b7dc9...3c4e3dcb1a)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 08:02:30 +00:00
dependabot[bot]
3f8b49e0d3
build(deps): bump lib.alpine.version from 3.3.0 to 3.4.0
Bumps `lib.alpine.version` from 3.3.0 to 3.4.0.

Updates `us.springett:alpine-common` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-model` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-infra` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

Updates `us.springett:alpine-server` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/stevespringett/Alpine/releases)
- [Commits](https://github.com/stevespringett/Alpine/compare/alpine-parent-3.3.0...alpine-parent-3.4.0)

---
updated-dependencies:
- dependency-name: us.springett:alpine-common
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-model
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-infra
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: us.springett:alpine-server
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 08:01:48 +00:00
dependabot[bot]
010e43e5ed
build(deps): bump io.github.jeremylong:open-vulnerability-clients
Bumps [io.github.jeremylong:open-vulnerability-clients](https://github.com/jeremylong/open-vulnerability-clients) from 9.0.1 to 9.0.2.
- [Release notes](https://github.com/jeremylong/open-vulnerability-clients/releases)
- [Commits](https://github.com/jeremylong/open-vulnerability-clients/compare/v9.0.1...v9.0.2)

---
updated-dependencies:
- dependency-name: io.github.jeremylong:open-vulnerability-clients
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 08:01:32 +00:00
nscuro
3f5f5b2f18
Bump bundled frontend to 4.13.6
Signed-off-by: nscuro <nscuro@protonmail.com>
2025-11-17 09:00:18 +01:00
Niklas
2e0acd740d
Merge pull request #5525 from DependencyTrack/dependabot/maven/org.testcontainers-testcontainers-2.0.2 2025-11-14 10:46:25 +01:00
Niklas
2c934c56ef
Merge pull request #5526 from DependencyTrack/dependabot/docker/src/main/docker/eclipse-temurin-1f12ca3 2025-11-14 10:46:05 +01:00
Niklas
b05318171e
Merge pull request #5524 from DependencyTrack/dependabot/maven/lib.protobuf-java.version-4.33.1 2025-11-14 10:45:11 +01:00
dependabot[bot]
750e1279e7
build(deps): bump eclipse-temurin in /src/main/docker
Bumps eclipse-temurin from `9292ea0` to `1f12ca3`.

---
updated-dependencies:
- dependency-name: eclipse-temurin
  dependency-version: 25.0.1_8-jdk-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-14 08:03:35 +00:00
dependabot[bot]
33b92c3676
build(deps-dev): bump org.testcontainers:testcontainers
Bumps [org.testcontainers:testcontainers](https://github.com/testcontainers/testcontainers-java) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testcontainers/testcontainers-java/compare/2.0.1...2.0.2)

---
updated-dependencies:
- dependency-name: org.testcontainers:testcontainers
  dependency-version: 2.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-14 08:02:21 +00:00
dependabot[bot]
48feb436f2
build(deps): bump lib.protobuf-java.version from 4.33.0 to 4.33.1
Bumps `lib.protobuf-java.version` from 4.33.0 to 4.33.1.

Updates `com.google.protobuf:protobuf-java` from 4.33.0 to 4.33.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `com.google.protobuf:protobuf-java-util` from 4.33.0 to 4.33.1

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
  dependency-version: 4.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.google.protobuf:protobuf-java-util
  dependency-version: 4.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-14 08:02:04 +00:00
Niklas
fa1eb0bb4c
Merge pull request #5505 from DependencyTrack/dependabot/maven/us.springett-cpe-parser-3.0.1 2025-11-13 12:20:20 +01:00
Niklas
74ad692c7d
Merge pull request #5514 from DependencyTrack/dependabot/maven/com.puppycrawl.tools-checkstyle-12.1.2 2025-11-13 12:15:13 +01:00
Niklas
812f969293
Merge pull request #5500 from ElenaStroebele/5499 2025-11-13 12:13:52 +01:00
ElenaStroebele
17955fb4ff
Added MDC keys for logging of update/create/delete/clone projects.
Signed-off-by: ElenaStroebele <elena.stroebele@rohde-schwarz.com>
2025-11-12 09:45:35 +00:00
dependabot[bot]
f269808fec
build(deps): bump com.puppycrawl.tools:checkstyle from 12.1.1 to 12.1.2
Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 12.1.1 to 12.1.2.
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-12.1.1...checkstyle-12.1.2)

---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 12.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 08:01:56 +00:00
Niklas
a4ed39ff22
Merge pull request #5513 from stohrendorf/issue-5509 2025-11-11 23:12:00 +01:00
Steffen Ohrendorf
3bd53c4ea6
avoid NPEs in ComposerMetaAnalyzer
Signed-off-by: Steffen Ohrendorf <steffen.ohrendorf@gmx.de>
2025-11-11 19:25:54 +01:00
Niklas
acf499dd6f
Merge pull request #5504 from StefanFl/secobserve_move 2025-11-11 10:49:45 +01:00
Niklas
cf1b7e1aea
Merge pull request #5510 from DependencyTrack/dependabot/maven/org.cyclonedx-cyclonedx-core-java-11.0.1 2025-11-11 10:48:56 +01:00
dependabot[bot]
09ecb0060d
build(deps): bump org.cyclonedx:cyclonedx-core-java
Bumps [org.cyclonedx:cyclonedx-core-java](https://github.com/CycloneDX/cyclonedx-core-java) from 11.0.0 to 11.0.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-core-java/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-core-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/CycloneDX/cyclonedx-core-java/compare/cyclonedx-core-java-11.0.0...cyclonedx-core-java-11.0.1)

---
updated-dependencies:
- dependency-name: org.cyclonedx:cyclonedx-core-java
  dependency-version: 11.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-10 21:51:18 +00:00
Niklas
af79a68a8f
Merge pull request #5506 from DependencyTrack/dependabot/github_actions/docker/setup-qemu-action-3.7.0 2025-11-10 13:17:26 +01:00
Niklas
a56b3258b8
Merge pull request #5491 from DependencyTrack/dependabot/docker/src/main/docker/debian-e024987 2025-11-10 13:17:07 +01:00
Niklas
52676ad67e
Merge pull request #5507 from DependencyTrack/dependabot/docker/src/main/docker/eclipse-temurin-25.0.1_8-jdk-alpine 2025-11-10 13:16:17 +01:00
dependabot[bot]
86b182fe15
build(deps): bump eclipse-temurin in /src/main/docker
Bumps eclipse-temurin from 25_36-jdk-alpine to 25.0.1_8-jdk-alpine.

---
updated-dependencies:
- dependency-name: eclipse-temurin
  dependency-version: 25.0.1_8-jdk-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-10 08:05:22 +00:00
dependabot[bot]
d1fcfd5834
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](29109295f8...c7c5346462)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-10 08:04:37 +00:00