Update dependency DependencyTrack/dependency-track to v4.11.0 (!73) · Merge requests · Iron Bank Containers / Opensource / dependency-track / api

Ghost User requested to merge renovate/dependencytrack-dependency-track-4.x into development May 08, 2024

This MR contains the following updates:

Package	Type	Update	Change
DependencyTrack/dependency-track		minor	`4.10.1` -> `4.11.0`
DependencyTrack/dependency-track	ironbank-github	minor	`4.10.1` -> `4.11.0`

Release Notes

DependencyTrack/dependency-track (DependencyTrack/dependency-track)

`v4.11.0`

Compare Source

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone.


##### SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar

##### SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar

##### SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

Return processing token when cloning project #2842 by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3260
Hyades backport: Preprocess CWE dictionary by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3284
Add "Show in Dependency-Graph" Button in "Affected Projects" List [improved version] by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3285
Add "Show in Dependency-Graph" Button in "Affected Projects" List by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2942
Update SPDX license list to v3.22 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3368
Store computed severities in the database by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3408
feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3425
Subject prefix by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3422
Trivy by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3259
Webhook alert token and new user alerts by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3275
Global Audit View: Vulnerabilities by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2472
Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3357
Bump CWE dictionary to v4.13 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3491
Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3492
Align retry configuration and behavior across analyzers by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3494
Add auto-generated changelog to GitHub releases by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3502
Bump SPDX license list to v3.23 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3508
Validate uploaded BOMs against CycloneDX schema by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3522
Add endpoint for updating API key comment by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3537
OpenAPI spec fixes and improvements by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3557
Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in https://github.com/DependencyTrack/dependency-track/pull/3574
Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3561
New feature: VulnDB Aliases! by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3588
Implement the hackage and nixpkgs meta analyzers by @MangoIV in https://github.com/DependencyTrack/dependency-track/pull/3549
Add support for component properties by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3499
Leverage component properties for Trivy scans by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3620
Improve Lucene observability by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3535
Include pagination parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3625
Include sorting query parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3631
support for experimental configurations by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3621
Gracefully handle unique constraint violations by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3648
Add support for worker pool drain timeout by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3657
Fall back to no authentication when OSS Index API token decryption fails by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3661
Truncate ComponentProperty value at 1024 characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3662
Add the project name and project URL to bom processing notifications by @2000rosser in https://github.com/DependencyTrack/dependency-track/pull/3666
Bump bundled frontend to v4.11.0 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3681

Bug Fixes 🐛

Fix dropping of CWE table failing due to FK constraint by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3304
Fix notifications not being sent for child projects where active is null by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3305
Fix NPE in VersionDistancePolicyEvaluator when project has no direct dependencies by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3307
Fix ClassCastException when updating an existing ProjectMetadata#authors field by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3311
feat: Improve Error handling and add default version type by @jadyndev in https://github.com/DependencyTrack/dependency-track/pull/3313
Fix NVD API's last modified timestamp requiring restart to be applied by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3322
Project cloning logic for cloning policy violations and Violationanalysis by @mge-mm in https://github.com/DependencyTrack/dependency-track/pull/3248
Ignore withdrawn Github advisories by @kepten in https://github.com/DependencyTrack/dependency-track/pull/3394
Fix VulnDB parser being unable to import vulnerability records when 'nvd_additional_information' is empty by @lukas-braune in https://github.com/DependencyTrack/dependency-track/pull/3437
Fix URISyntaxException when NPM PURL contains special characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3456
Finding Attributed On date is not retained when cloning projects by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3488
adding cargo to IMetaAnalyzer by @leec94 in https://github.com/DependencyTrack/dependency-track/pull/3511
Fix type of purl fields in Swagger docs by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3512
Perform License Resolution On Name Field During SBOM Import by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3555
Update License Of Existing Components On BOM Upload by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3556
Provide meaningful error message for bom and vex exceeding Jackson's character limit by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3558
Fix unhandled NotFoundExceptions causing a HTTP 500 response by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3559
Extend length of PURL and PURLCOORDINATES columns from 255 to 786 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3560
Validate UUID request parameters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3590
Vuln db severity by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3595
Fix JDOFatalUserException for long reference URLs from OSS Index by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3650
Catch all unhandled ClientErrorExceptions by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3659
Fix unique constraint violation during NVD mirroring via feed files by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3664
De-duplicate CPEs in NVD feed file parsing by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3667
Fix missing default repos for Hackage and Nixpkgs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3678

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Admin message

Update dependency DependencyTrack/dependency-track to v4.11.0

Release Notes

v4.11.0

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates 🤖

Other Changes

New Contributors

Configuration

Merge request reports

`v4.11.0`