Features

• New endpoints at /collectors to retrieve information on all collectors for the Holocron instance. PUT requests are also accepted at collectors/:id to alter collector configuration options.
• Circuit breaker and rate limiter can be disabled through environment variable configuration. RATE_LIMITER_ENABLED and CIRCUIT_BREAKER_ENABLED both default to true.

Vulnerability Fixes

• Various dependency updates

Experimental

• New experimental feature FEATURE_API_V3 for new routes under /api/v3. These new routes utilize pagination on all list endpoints. Pagination can be managed with the query parameters page and per_page with a maximum and default value of 100. In addition, ticketboards is now ticket-boards, similar changes also for project-issues and git-requests.

Vulnerability Fixes

• Several minor/patch updates to several packages

Experimental

• Prevented users from changing the team_owner_id of a view.

Features

• Allow whitelisting IPs from the rate limiter, use the environment variable RATE_LIMITING_IP_WHITELIST set to a comma delineated list as a string
• Allow adjusting rate limits, use the environment variable RATE_LIMITS set to a string like "300/day,50/hour". See official docs for further syntax details: https://flask-limiter.readthedocs.io/en/stable/
• Add author_username field to the GitRequest model.

Vulnerability Fixes

• Several minor/patch updates to several packages

Improvements Made

• Add configuration fields to the Collector model to allow collectors to store it. Will create routes in the future to allow collectors to be configured through the API.
• Update to flask v3

Bug Fixes

• Fixed issue where the default user object returned when SSO was disabled was using snake_case instead of camelCase.

Features

• Released vulnerability trend metrics
• Released maintainability trend metrics
• Released project issues metrics

Features

• Updated schema to use v3 schema which is a breaking change from previous major version.

Bug Fixes

• Fixed update team bug: invalid team id parameter sending in 500 response instead of 400.
• Fixed update value stream bug: invalid organization id on the body sends 500 response when instead of 400.
• Fixed creating/updating team bug: gives 500 response when there is no team name in the request body instead of 400.

Vulnerability Fixes

• Upgraded base image

Experimental

• FEATURE_PROJECT_ANALYSIS flag is added as an experimental feature.

Features

• The /v2 endpoints are officially no longer an experimental feature. /v1 endpoints are officially deprecated, any users of these endpoints should migrate to the new /v2 endpoints.
• For information on the changes from /v1 to /v2 please review release 2.2.0

/v2 changes

• Effort data key names have been adjusted to days instead of hours to accurately reflect the data
• Key names for items in backlog and similar have been renamed from referencing issues to tickets
• Key names for array items have been renamed and are now an array of objects. Example: development_cycle_times_for_week_in_days is now ticket_development_cycle_times and is an array of objects formatted as {days: str}
• Backlog ticket age is now part of the team level metrics instead of part of the historical data
• stale_merge_requests is now stale_git_requests

Bug Fixes

• Fixed issue with the cache not correctly storing the v2 metric data.

Bug Fixes

• Fixed issue with enum types in the response schemas

Improvements Made

• Slight improvements to generating team metrics

Experimental

• New experimental feature to collect and report metrics from SCA/SAST tools.
• To use this feature, set the environment variable FEATURE_PROJECT_ANALYSIS to true
• Collectors for these metrics should be set to type PROJECT_ANALYSIS. They will collect Projects and ProjectIssues which have their own endpoints.
• Active issues are included in team metrics.
• In addition, a maintainability score trend metric is calculated and included as part of team metrics.

Experimental

• New experimental feature to create new endpoints at /v2 with experimental schema changes.
• To use this feature, set the environment variable FEATURE_API_V2 to true.
• Once this feature is enabled, all existing routes at /v1 can also be found at /v2.

Schema Changes

• pipelines, repositories, and ticket_boards use resource_id instead of pipeline_id, etc. resource_id is a string to enable working with any tool that uses a different type of primary key. In addition, they now all have a type field which is an enumerated string that displays the type of collector_target they are. This is primarily for internal use as the endpoints will still be separated to only return one type at a time.
• tickets also switch to resource_id instead of ticket_id.
• All metric schemas have changed significantly. New keys are used to more accurately describe what the data represents and the structure has been flattened greatly. For instance, instead of "effort": { "features": [3, 5] } we have "days_spent_on_features": 8. Further, WeeklyData has been replaced with HistoricalData which is an array instead of an object and the week string is not just one key within each entry as opposed to the key to the entry. That string is also now a stringified date for the Monday of that week in the format YYYY-MM-DD. Finally, the result no longer sends all merge requests and branches and instead only sends ones that are stale. There are other minor updates, the full schema can be viewed on the OpenAPI page.