Update dependency DependencyTrack/dependency-track to v4.11.4 (!79) · Merge requests · Iron Bank Containers / Opensource / dependency-track / api

POPs-renovate-tools_03Dec2024 requested to merge renovate/dependencytrack-dependency-track-4.x into development Jun 25, 2024

This MR contains the following updates:

Package	Type	Update	Change
DependencyTrack/dependency-track		patch	`4.11.3` -> `4.11.4`
DependencyTrack/dependency-track	ironbank-github	patch	`4.11.3` -> `4.11.4`

Release Notes

DependencyTrack/dependency-track (DependencyTrack/dependency-track)

`v4.11.4`

Compare Source

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone.


##### SHA1
19531d4f02cccf26478b3a63feba355da8726b3f  dependency-track-apiserver.jar
3c4bb658783157ae9c408b8323e25e55c9ab25fd  dependency-track-bundled.jar

##### SHA256
9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b  dependency-track-apiserver.jar
73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100  dependency-track-bundled.jar

##### SHA512
a357be2617e9da6d4eaf19120316927ccddbc1290b9f0179287619864ffe2f6a349c9cab729853469425e273662e64cb49a4ede5498da937817b3cda01997af9  dependency-track-apiserver.jar
13fbf6477f2820b0926ad082063332e9f34de622e64b11cfe0fa4574ba5d2d9f41c06c791740ddb69a34fc71e21b6456f20c36018eb2b52e0664fdc47a41645f  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

Backport: Support ingestion of CycloneDX v1.6 BOMs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3863

Bug Fixes 🐛

Backport: Fix inverted "show inactive" filter in vulnerability audit view by @nscuro (original change by @2000rosser) in https://github.com/DependencyTrack/dependency-track/pull/3864
Backport: Fix BOM validation failing when URL contains encoded [ and ] characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3866
Backport: Fix external references not being updated via POST /v1/component by @nscuro (original change by @sahibamittal) in https://github.com/DependencyTrack/dependency-track/pull/3867
Backport: Prevent XXE injection during CycloneDX validation and parsing by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3871

Dependency Updates 🤖

Backport: Bump bundled frontend to 4.11.4 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3875

Other Changes

Add changelog for v4.11.4 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3868

Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/4.11.3...4.11.4

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Update dependency DependencyTrack/dependency-track to v4.11.4