Update dependency DependencyTrack/dependency-track to v4.11.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
DependencyTrack/dependency-track | minor |
4.10.1 -> 4.11.0
|
|
DependencyTrack/dependency-track | ironbank-github | minor |
4.10.1 -> 4.11.0
|
Release Notes
DependencyTrack/dependency-track (DependencyTrack/dependency-track)
v4.11.0
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone.
##### SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9 dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49 dependency-track-bundled.jar
##### SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3 dependency-track-bundled.jar
##### SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3 dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198 dependency-track-bundled.jar
What's Changed
🚀
Enhancements - Return processing token when cloning project #2842 by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3260
- Hyades backport: Preprocess CWE dictionary by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3284
- Add "Show in Dependency-Graph" Button in "Affected Projects" List [improved version] by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3285
- Add "Show in Dependency-Graph" Button in "Affected Projects" List by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2942
- Update SPDX license list to v3.22 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3368
- Store computed severities in the database by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3408
- feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3425
- Subject prefix by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3422
- Trivy by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3259
- Webhook alert token and new user alerts by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3275
- Global Audit View: Vulnerabilities by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2472
- Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3357
- Bump CWE dictionary to v4.13 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3491
- Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3492
- Align retry configuration and behavior across analyzers by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3494
- Add auto-generated changelog to GitHub releases by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3502
- Bump SPDX license list to v3.23 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3508
- Validate uploaded BOMs against CycloneDX schema by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3522
- Add endpoint for updating API key comment by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3537
- OpenAPI spec fixes and improvements by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3557
- Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in https://github.com/DependencyTrack/dependency-track/pull/3574
- Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3561
- New feature: VulnDB Aliases! by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3588
- Implement the hackage and nixpkgs meta analyzers by @MangoIV in https://github.com/DependencyTrack/dependency-track/pull/3549
- Add support for component properties by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3499
- Leverage component properties for Trivy scans by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3620
- Improve Lucene observability by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3535
- Include pagination parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3625
- Include sorting query parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3631
- support for experimental configurations by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3621
- Gracefully handle unique constraint violations by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3648
- Add support for worker pool drain timeout by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3657
- Fall back to no authentication when OSS Index API token decryption fails by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3661
- Truncate
ComponentProperty
value at 1024 characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3662 - Add the project name and project URL to bom processing notifications by @2000rosser in https://github.com/DependencyTrack/dependency-track/pull/3666
- Bump bundled frontend to v4.11.0 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3681
🐛
Bug Fixes - Fix dropping of
CWE
table failing due to FK constraint by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3304 - Fix notifications not being sent for child projects where
active
isnull
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3305 - Fix NPE in
VersionDistancePolicyEvaluator
when project has no direct dependencies by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3307 - Fix
ClassCastException
when updating an existingProjectMetadata#authors
field by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3311 - feat: Improve Error handling and add default version type by @jadyndev in https://github.com/DependencyTrack/dependency-track/pull/3313
- Fix NVD API's last modified timestamp requiring restart to be applied by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3322
- Project cloning logic for cloning policy violations and Violationanalysis by @mge-mm in https://github.com/DependencyTrack/dependency-track/pull/3248
- Ignore withdrawn Github advisories by @kepten in https://github.com/DependencyTrack/dependency-track/pull/3394
- Fix VulnDB parser being unable to import vulnerability records when 'nvd_additional_information' is empty by @lukas-braune in https://github.com/DependencyTrack/dependency-track/pull/3437
- Fix
URISyntaxException
when NPM PURL contains special characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3456 - Finding Attributed On date is not retained when cloning projects by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3488
- adding cargo to IMetaAnalyzer by @leec94 in https://github.com/DependencyTrack/dependency-track/pull/3511
- Fix type of
purl
fields in Swagger docs by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3512 - Perform License Resolution On Name Field During SBOM Import by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3555
- Update License Of Existing Components On BOM Upload by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3556
- Provide meaningful error message for
bom
andvex
exceeding Jackson's character limit by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3558 - Fix unhandled
NotFoundException
s causing aHTTP 500
response by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3559 - Extend length of
PURL
andPURLCOORDINATES
columns from 255 to 786 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3560 - Validate UUID request parameters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3590
- Vuln db severity by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3595
- Fix
JDOFatalUserException
for long reference URLs from OSS Index by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3650 - Catch all unhandled
ClientErrorException
s by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3659 - Fix unique constraint violation during NVD mirroring via feed files by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3664
- De-duplicate CPEs in NVD feed file parsing by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3667
- Fix missing default repos for Hackage and Nixpkgs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3678
🤖
Dependency Updates - Bump org.apache.httpcomponents.client5:httpclient5 from 5.2.1 to 5.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3282
- Bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3289
- Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3288
- Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.0 to 1.15.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3298
- Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3320
- Bump eclipse-temurin from
5f85d29
toe96937d
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3319 - Bump github/codeql-action from 2.22.9 to 3.22.11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3318
- Bump debian from
375fb84
tod4494b6
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3325 - Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.18 to 10.0.19 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3331
- Bump org.slf4j:log4j-over-slf4j from 2.0.9 to 2.0.10 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3345
- Bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3340
- Bump org.slf4j:log4j-over-slf4j from 2.0.10 to 2.0.11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3362
- Bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3359
- Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3358
- Bump actions/download-artifact from 3.0.2 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3341
- Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3317
- Bump debian from
d4494b6
tof7235f3
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3370 - Bump actions/download-artifact from 4.1.0 to 4.1.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3378
- Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3377
- Bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3376
- Bump eclipse-temurin from
e96937d
to6b234f2
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3387 - Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3400
- Bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3401
- Bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3399
- Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.1 to 1.15.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3391
- Bump eclipse-temurin from 21.0.1_12-jre-jammy to 21.0.2_13-jre-jammy in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3410
- Bump org.apache.httpcomponents.client5:httpclient5 from 5.3 to 5.3.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3409
- Bump eclipse-temurin from
651d253
to24d6ced
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3413 - Bump Alpine to
2.2.5-SNAPSHOT
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3417 - Bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3418
- Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3419
- Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.19 to 10.0.20 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3428
- Bump debian from
f7235f3
to4255c9f
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3427 - Bump eclipse-temurin from
24d6ced
to91e50ea
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3432 - Bump com.microsoft.sqlserver:mssql-jdbc from 12.4.2.jre11 to 12.6.0.jre11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3431
- Bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3435
- Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.2 to 3.2.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3440
- Bump org.json:json from
2023101
to2024020
by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3441 - Bump org.slf4j:log4j-over-slf4j from 2.0.11 to 2.0.12 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3439
- Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3460
- Bump actions/download-artifact from 4.1.1 to 4.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3459
- Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3458
- Bump lib.lucene.version from 8.11.2 to 8.11.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3457
- Bump debian from
4255c9f
to435ba09
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3462 - Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.2 to 1.16.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3466
- Bump eclipse-temurin from
91e50ea
to0672ad3
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3471 - Bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3473
- Bump eclipse-temurin from
0672ad3
to636b9a7
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3476 - Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3475
- Bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3474
- Bump io.github.jeremylong:open-vulnerability-clients from 5.1.1 to 5.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3481
- Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.4 to 3.2.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3480
- Bump com.github.tomakehurst:wiremock-jre8 from 2.35.1 to 2.35.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3479
- Bump com.microsoft.sqlserver:mssql-jdbc from 12.6.0.jre11 to 12.6.1.jre11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3478
- Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.5 to 3.2.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3486
- Bump various dependencies by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3487
- Bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3497
- Bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3496
- Bump Alpine to
2.2.5
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3515 - Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3525
- Bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3524
- Bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3523
- Bump org.json:json from
2024020
to2024030
by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3527 - Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3526
- Bump eclipse-temurin from
636b9a7
tod9f7b83
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3532 - Bump org.testcontainers:testcontainers from 1.19.6 to 1.19.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3533
- Bump io.github.jeremylong:open-vulnerability-clients from 5.1.2 to 6.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3542
- Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3541
- Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3539
- Bump actions/setup-java from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3540
- Bump debian from
435ba09
tod10f054
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3543 - Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.16.0 to 1.17.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3547
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3564
- Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3563
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3562
- Bump actions/setup-java from 4.1.0 to 4.2.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3565
- Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.17.0 to 1.17.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3567
- Bump github/codeql-action from 3.24.6 to 3.24.9 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3578
- Bump actions/dependency-review-action from 4.1.3 to 4.2.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3577
- Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3576
- Bump io.github.jeremylong:open-vulnerability-clients from 6.0.0 to 6.0.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3586
- Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3592
- Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3593
- Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3606
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3605
- Bump debian from
d10f054
to2c96e00
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3610 - Bump org.slf4j:log4j-over-slf4j from 2.0.12 to 2.0.13 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3619
- Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.17.1 to 1.18.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3623
- Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3636
- Bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3635
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3634
- Bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3633
- Bump debian from
2c96e00
toff39497
in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3640 - Bump Temurin base image to
21.0.3_9
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3652 - Bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3656
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3653
- Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3654
- Bump actions/download-artifact from 4.1.5 to 4.1.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3655
- Bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3671
- Bump dependencies to their latest version by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3674
Other Changes
- Fix GitHub purl example in v4.10.0 changelog by @lnksz in https://github.com/DependencyTrack/dependency-track/pull/3300
- Updated terminology.md to describe the Risk Score calculation by @AnthonyMastrean in https://github.com/DependencyTrack/dependency-track/pull/3347
- ACL: Add projects to team should only show not yet added projects by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3261
- docs: fix build status badge by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3386
- docs(azure-ad): large enterprise group configuration by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3414
- Fix image link on openidconnect-configuration.md by @mikkeschiren in https://github.com/DependencyTrack/dependency-track/pull/3411
- Improve test coverage of Trivy integration by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3493
- Adds NVD disclaimer at the top of the documentation page for NVD. by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3490
- Report test coverage for all branches, not just
master
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3514 - Fix CI Build status badge by @baburkin in https://github.com/DependencyTrack/dependency-track/pull/3513
- Upload test coverage for MRs via separate workflow by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3517
- Update changelog for v4.11.0 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3531
- Clarify OpenID Connect group mapping to teams by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3536
- Transfer copyright from Steve Springett to OWASP Foundation by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3573
- Normalize capitalization of PyPI by @gtback in https://github.com/DependencyTrack/dependency-track/pull/3597
- Advertise official Helm chart in docs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3604
- Update changelog for v4.11 with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3618
- Trivy tweaks by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3630
- Log debug information upon possible secret key corruption by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3651
- Update v4.11 changelog with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3658
- Start Jersey
TestContainer
once per class vs. once per test method by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3668 - Run builds and CI on
feature-*
branches by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3672 - Update v4.11 changelog with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3673
- Simplify
BomUploadProcessingTaskTest
by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3676 - Disable Maven transfer progress in CI by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3677
- Fix changelog typo; Set release date; Bump docs version by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3679
- Reduce verbosity of
ResourceTest
s by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3680
New Contributors
- @rkg-mm made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3260
- @lnksz made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3300
- @AnthonyMastrean made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3347
- @mge-mm made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3248
- @setchy made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3386
- @kepten made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3394
- @mikkeschiren made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3411
- @lukas-braune made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3437
- @LaVibeX made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3422
- @fnxpt made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3259
- @sebD made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3488
- @baburkin made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3513
- @aravindparappil46 made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3555
- @mprencipe made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3574
- @gtback made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3597
- @MangoIV made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3549
- @2000rosser made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3666
Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/4.10.1...4.11.0
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.