v0.5.0

What's Changed

Enhancements 🚀

• Raise baseline Java version to 21 by @nscuro in #1098
• Load cluster ID from database on startup by @nscuro in #1165
• Handle duplicate issues reported by Snyk by @nscuro in #1168
• Use /dev/urandom instead of openssl rand to generate secret key by @nscuro in #1173
• Run builds and CI on feature branches by @nscuro in #1192
• Add EPSS mirroring to mirror-service by @sahibamittal in #1135
• Wrap jdbc url environment variables in with conditional by @cortesnoel-lm in #1225
• Add dtrack.vuln-analysis.result.processed topic by @nscuro in #1166
• Issue 947 : Add table vulnerability_tags in schema by @sahibamittal in #1212
• Display percentiles for event processing durations on Grafana dashboard by @nscuro in #1193
• Introduce config-dependencytrack Quarkus extension by @nscuro in #1223
• Pull config via @ConfigProperty in notification-publisher by @nscuro in #1229
• Pull config via @ConfigProperty in mirror-service by @nscuro in #1236
• Update schema for clone project workflow by @sahibamittal in #1293
• Add mode of operation in Vulnerability policy by @sahibamittal in #1250
• Add CVSS and OWASP vectors to notification proto by @nscuro in #1303
• Port: Configurable email subject prefix by @leec94 in #1307
• Port: Bump CWE dictionary to v4.13 by @nscuro in #1322
• Schema change to add component property by @sahibamittal in #1323
• Port: add hackage and nixpkgs analyzers by @sahibamittal in #1332
• Port: Webhook alert token and new user alerts by @sahibamittal in #1338
• Port: Add the project name and project URL to bom processing notifications by @nscuro in #1342
• Update schema for Component Property by @sahibamittal in #1344
• Update CDX schema to v1.6 by @sahibamittal in #1382

Bug Fixes 🐛

• Fix broken e2e tests due to Quarkus RestClient requiring CDI context by @nscuro in #1170
• De-duplicate Snyk vulnerabilities by ID by @nscuro in #1182
• Fix mapping of CPEs to vers ranges when version is NA (-) by @nscuro in #1180
• Add date format to support offset in nuget analyser by @sahibamittal in #1264
• Fix broken email notifications in e2e test by @nscuro in #1266
• Fix parsing of decimal numbers in non-English locales by @nscuro in #1273
• Fix CVSS version detection for OSV by @nscuro in #1296
• Fix inconsistent source identifier for GitHub Advisories by @nscuro in #1298
• Fix VulnerabilityPolicyE2ET by @nscuro in #1304
• Port: withdrawn check for github advisory by @sahibamittal in #1305
• Port fix for npm purls with special characters by @sahibamittal in #1309
• Fix CVSS vectors missing from e2e notification asserts by @nscuro in #1308
• Fix role "root" does not exist in postgres healthcheck by @nscuro in #1321
• Port: Fix Slack notifications failing when no base URL is configured + Add tests for NewVulnerableDependencySubject by @sahibamittal in #1314
• Fix e2e tests failing to get API keys by @nscuro in #1334
• Gracefully handle MalformedVectorExceptions for invalid CVSS vectors by @nscuro in #1388

Dependency Updates 🤖

• Bump org.testcontainers:minio from 1.19.6 to 1.19.7 by @dependabot in #1120
• Bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 in /.github/workflows by @dependabot in #1122
• Bump quarkus.platform.version from 3.8.1 to 3.8.2 by @dependabot in #1123
• Bump docker/build-push-action from 5.1.0 to 5.2.0 in /.github/workflows by @dependabot in #1126
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-12 to 4.0.0-alpha-13 by @dependabot in #1125
• Bump io.github.jeremylong:open-vulnerability-clients from 5.1.2 to 6.0.0 by @dependabot in #1124
• Bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.14.1 by @dependabot in #1127
• Bump com.google.cloud.sql:postgres-socket-factory from 1.16.0 to 1.17.0 by @dependabot in #1131
• Bump com.squareup.okio:okio from 3.8.0 to 3.9.0 by @dependabot in #1130
• Bump actions/checkout from 4.1.1 to 4.1.2 in /.github/workflows by @dependabot in #1129
• Bump graalvm/setup-graalvm from 1.1.8.1 to 1.1.8.2 in /.github/workflows by @dependabot in #1128
• Bump actions/setup-java from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1132
• Bump docker/login-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1133
• Bump io.smallrye:jandex-maven-plugin from 3.1.6 to 3.1.7 by @dependabot in #1136
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 in /.github/workflows by @dependabot in #1139
• Bump docker/build-push-action from 5.2.0 to 5.3.0 in /.github/workflows by @dependabot in #1137
• Bump actions/setup-java from 4.2.0 to 4.2.1 in /.github/workflows by @dependabot in #1138
• Bump com.puppycrawl.tools:checkstyle from 10.14.1 to 10.14.2 by @dependabot in #1140
• Bump org.kohsuke:github-api from 1.319 to 1.320 by @dependabot in #1141
• Bump com.google.cloud.sql:postgres-socket-factory from 1.17.0 to 1.17.1 by @dependabot in #1142
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #1143
• Bump quarkus.platform.version from 3.8.2 to 3.8.3 by @dependabot in #1145
• Bump org.kohsuke:github-api from 1.320 to 1.321 by @dependabot in #1150
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #1157
• Bump bufbuild/buf-breaking-action from 1.1.3 to 1.1.4 in /.github/workflows by @dependabot in #1158
• Bump bufbuild/buf-lint-action from 1.1.0 to 1.1.1 in /.github/workflows by @dependabot in #1159
• Bump actions/setup-python from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #1160
• Bump io.github.jeremylong:open-vulnerability-clients from 6.0.0 to 6.0.1 by @dependabot in #1161
• Bump com.puppycrawl.tools:checkstyle from 10.14.2 to 10.15.0 by @dependabot in #1167
• Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #1169
• Bump quarkus.platform.version from 3.8.3 to 3.9.1 by @dependabot in #1163
• Bump bufbuild/buf-setup-action from 1.30.0 to 1.30.1 in /.github/workflows by @dependabot in #1172
• Bump quarkus.platform.version from 3.9.1 to 3.9.2 by @dependabot in #1171
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 in /.github/workflows by @dependabot in #1177
• Bump quarkus.platform.version from 3.9.2 to 3.9.3 by @dependabot in #1183
• Bump azure/setup-helm from 3.5 to 4 in /.github/workflows by @dependabot in #1185
• Bump graalvm/setup-graalvm from 1.1.8.2 to 1.2.1 in /.github/workflows by @dependabot in #1184
• Bump kafka-clients to 3.6.2 and remove mockserver-netty by @nscuro in #1187
• Bump images by @nscuro in #1186
• Bump azure/setup-helm from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1196
• Bump com.google.cloud.sql:postgres-socket-factory from 1.17.1 to 1.18.0 by @dependabot in #1201
• Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 in /.github/workflows by @dependabot in #1208
• Bump actions/download-artifact from 4.1.4 to 4.1.5 in /.github/workflows by @dependabot in #1217
• Bump actions/upload-artifact from 4.3.1 to 4.3.2 in /.github/workflows by @dependabot in #1218
• Bump quarkus.platform.version from 3.9.3 to 3.9.4 by @dependabot in #1220
• Bump actions/checkout from 4.1.2 to 4.1.3 in /.github/workflows by @dependabot in #1221
• Bump actions/upload-artifact from 4.3.2 to 4.3.3 in /.github/workflows by @dependabot in #1228
• Bump bufbuild/buf-setup-action from 1.30.1 to 1.31.0 in /.github/workflows by @dependabot in #1230
• Bump actions/checkout from 4.1.3 to 4.1.4 in /.github/workflows by @dependabot in #1234
• Bump actions/download-artifact from 4.1.5 to 4.1.7 in /.github/workflows by @dependabot in #1233
• Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 in /.github/workflows by @dependabot in #1241
• Bump io.minio:minio from 8.5.9 to 8.5.10 by @dependabot in #1240
• Bump com.puppycrawl.tools:checkstyle from 10.15.0 to 10.16.0 by @dependabot in #1243
• Bump quarkus.platform.version from 3.9.4 to 3.9.5 by @dependabot in #1244
• Bump Redpanda containers by @nscuro in #1248
• Bump quarkus.platform.version from 3.9.5 to 3.10.0 by @dependabot in #1249
• Bump actions/checkout from 4.1.4 to 4.1.5 in /.github/workflows by @dependabot in #1251
• Bump io.smallrye:jandex-maven-plugin from 3.1.7 to 3.1.8 by @dependabot in #1252
• Bump org.testcontainers:minio from 1.19.7 to 1.19.8 by @dependabot in #1255
• Bump lib.quarkus-mailpit.version from 0.0.9 to 1.0.0 by @dependabot in #1253
• Bump quarkus.platform.version from 3.10.0 to 3.10.1 by @dependabot in #1259
• Bump com.google.cloud.sql:postgres-socket-factory from 1.18.0 to 1.18.1 by @dependabot in #1258
• Bump lib.quarkus-mailpit.version from 1.0.0 to 1.0.1 by @dependabot in #1257
• Bump bufbuild/buf-setup-action from 1.31.0 to 1.32.0 in /.github/workflows by @dependabot in #1261
• Bump actions/checkout from 4.1.5 to 4.1.6 in /.github/workflows by @dependabot in #1260
• Bump bufbuild/buf-setup-action from 1.32.0 to 1.32.1 in /.github/workflows by @dependabot in #1269
• Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 by @dependabot in #1276
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-13 to 4.0.0-beta-3 by @dependabot in #1282
• Bump cvss-calculator to 1.4.3 by @nscuro in #1283
• Bump docker/login-action from 3.1.0 to 3.2.0 in /.github/workflows by @dependabot in #1290
• Bump bufbuild/buf-setup-action from 1.32.1 to 1.32.2 in /.github/workflows by @dependabot in #1289
• Bump com.puppycrawl.tools:checkstyle from 10.16.0 to 10.17.0 by @dependabot in #1288
• Bump com.fasterxml.uuid:java-uuid-generator from 5.0.0 to 5.1.0 by @dependabot in #1299
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 by @dependabot in #1302
• Bump Redpanda and Redpanda Console by @nscuro in #1313
• Bump lib.quarkus-mailpit.version from 1.0.1 to 1.1.0 by @dependabot in #1316
• Bump docker/build-push-action from 5.3.0 to 5.4.0 in /.github/workflows by @dependabot in #1319
• Bump com.google.cloud.sql:postgres-socket-factory from 1.18.1 to 1.19.0 by @dependabot in #1324
• Bump actions/checkout from 4.1.6 to 4.1.7 in /.github/workflows by @dependabot in #1326
• Bump io.confluent.parallelconsumer:parallel-consumer-core from 0.5.2.8 to 0.5.3.0 by @dependabot in #1329
• Bump quarkus.platform.version from 3.10.1 to 3.11.2 by @dependabot in #1327
• Bump bufbuild/buf-setup-action from 1.32.2 to 1.33.0 in /.github/workflows by @dependabot in #1328
• Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 by @dependabot in #1337
• Bump surefire-plugin.version from 3.2.5 to 3.3.0 by @dependabot in #1335
• Bump quarkus.wiremock.version from 1.3.2 to 1.3.3 by @dependabot in #1336
• Bump io.github.nscuro:versatile from 0.6.1 to 0.7.0 by @dependabot in #1341
• Bump actions/checkout from 4.1.6 to 4.1.7 in /.github/workflows by @dependabot in #1340
• Bump docker/build-push-action from 5.4.0 to 6.0.0 in /.github/workflows by @dependabot in #1339
• Bump docker/build-push-action from 6.0.0 to 6.0.1 in /.github/workflows by @dependabot in #1346
• Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 in /.github/workflows by @dependabot in #1347
• Bump graalvm/setup-graalvm from 1.2.1 to 1.2.2 in /.github/workflows by @dependabot in #1345
• Bump quarkus.platform.version from 3.11.2 to 3.12.0 by @dependabot in #1349
• Bump org.kohsuke:github-api from 1.321 to 1.322 by @dependabot in #1350
• Bump lib.open-feign.version from 13.2.1 to 13.3 by @dependabot in #1352
• Bump docker/build-push-action from 6.0.1 to 6.0.2 in /.github/workflows by @dependabot in #1351
• Bump io.minio:minio from 8.5.10 to 8.5.11 by @dependabot in #1357
• Bump docker/build-push-action from 6.0.2 to 6.1.0 in /.github/workflows by @dependabot in #1356
• Bump bufbuild/buf-setup-action from 1.33.0 to 1.34.0 in /.github/workflows by @dependabot in #1355
• Bump io.smallrye:jandex-maven-plugin from 3.1.8 to 3.2.0 by @dependabot in #1262
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.7 to 3.3.0 by @dependabot in #1364
• Bump docker/build-push-action from 6.1.0 to 6.2.0 in /.github/workflows by @dependabot in #1363
• Bump lib.kafka.version from 3.7.0 to 3.7.1 by @dependabot in #1365
• Bump io.github.jeremylong:open-vulnerability-clients from 6.0.1 to 6.1.0 by @dependabot in #1366
• Bump org.kohsuke:github-api from 1.322 to 1.323 by @dependabot in #1369
• Bump docker/setup-qemu-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1372
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.3.0 to 3.4.0 by @dependabot in #1375
• Bump quarkus.platform.version from 3.12.0 to 3.12.1 by @dependabot in #1374
• Bump docker/build-push-action from 6.2.0 to 6.3.0 in /.github/workflows by @dependabot in #1373
• Bump io.github.jeremylong:open-vulnerability-clients from 6.1.0 to 6.1.1 by @dependabot in #1371
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 in /.github/workflows by @dependabot in #1376
• Bump jbangdev/jbang-action from 0.115.0 to 0.117.1 in /.github/workflows by @dependabot in #1377
• Bump actions/download-artifact from 4.1.7 to 4.1.8 in /.github/workflows by @dependabot in #1378
• Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 by @dependabot in #1381
• Bump actions/setup-python from 5.1.0 to 5.1.1 in /.github/workflows by @dependabot in #1386
• Bump surefire-plugin.version from 3.3.0 to 3.3.1 by @dependabot in #1385
• Bump com.google.cloud.sql:postgres-socket-factory from 1.19.0 to 1.19.1 by @dependabot in #1384
• Bump quarkus.platform.version from 3.12.1 to 3.12.2 by @dependabot in #1383
• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 by @dependabot in #1387
• Bump io.github.jeremylong:open-vulnerability-clients from 6.1.1 to 6.1.6 by @dependabot in #1380
• Bump lib.quarkus-mailpit.version from 1.1.0 to 1.1.1 by @dependabot in #1390
• Bump docker/build-push-action from 6.3.0 to 6.4.0 in /.github/workflows by @dependabot in #1389
• Bump org.testcontainers:minio from 1.19.8 to 1.20.0 by @dependabot in #1396
• Bump quarkus.platform.version from 3.12.2 to 3.12.3 by @dependabot in #1395
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.4.0 to 3.4.1 by @dependabot in #1393
• Bump docker/build-push-action from 6.4.0 to 6.4.1 in /.github/workflows by @dependabot in #1397
• Bump io.github.jeremylong:open-vulnerability-clients from 6.1.6 to 6.1.7 by @dependabot in #1394

Documentation 📃

• Setup GitHub issue and PR templates by @sahibamittal in #1176
• Add database operations documentation by @nscuro in #1194
• Add script to generate config docs by @nscuro in #1156
• Doc: Schema present mssql as possible database by @worming004 in #1198
• Remove timestamp from config doc template by @nscuro in #1199
• Update config docs by @github-actions in #1197
• Update config docs by @github-actions in #1202
• Don't label docs for SNAPSHOT versions as latest by @nscuro in #1204
• Enrich mirror-service configuration with annotations for docs generation by @nscuro in #1206
• Update config docs by @github-actions in #1207
• Alias docs for -SNAPSHOT versions as snapshot by @nscuro in #1209
• Use hyperlinks when referring to configuration options in the docs by @nscuro in #1211
• Update config docs by @github-actions in #1222
• Update config docs by @github-actions in #1268
• Replace Sonar badges with Codacy badges by @nscuro in #1279
• Minor doc fixes by @nscuro in #1280
• Remove Sonar properties by @nscuro in #1281
• Update config docs by @github-actions in #1287
• Enrich repo-meta-analyzer configuration with annotations for docs generation by @nscuro in #1286
• Update config docs by @github-actions in #1291
• Add docs for advanced database config by @nscuro in #1310
• Add initial development docs by @nscuro in #1191
• Update Deployment docs for Helm chart by @nscuro in #1325
• Link to docs for DB migration and doc update checkboxes by @nscuro in #1331
• Update port status in README.md by @nscuro in #1348
• Update config docs by @github-actions in #1359
• Clean up and extend documentation by @nscuro in #1354
• Enable social cards for documentation by @nscuro in #1367
• Generate documentation for Protobuf definitions by @nscuro in #1368

Other Changes

• Reduce verbosity of Maven in CI by @nscuro in #1144
• Transfer copyright from Steve Springett to OWASP Foundation by @nscuro in #1147
• Add license header and enforce presence with Checkstyle by @nscuro in #1153
• Replace custom vers handling with versatile by @sahibamittal in #1103
• Reduce resource footprint of e2e tests by @nscuro in #1164
• Fix broken assertion in e2e test by @nscuro in #1178
• Update API server dashboard to use Parallel Consumer metric for mirror processing duration by @nscuro in #1093
• Update API server dashboard to include Parallel Consumer metric for repo meta processing duration by @nscuro in #1094
• Update labels used in workflows and release notes by @nscuro in #1239
• POM cleanup by @nscuro in #1245
• Fix Checkstyle error when running specific Maven module by @nscuro in #1246
• Port: Add Cargo Analyzer by @leec94 in #1242
• Update schema.sql by @nscuro in #1247
• Introduce quarkus wiremock extension by @sahibamittal in #1254
• Change Sonar to Codacy by @sahibamittal in #1235
• Fix Publish test coverage build step by @nscuro in #1275
• Fix Commit SHA-1 hash isn't valid when publishing coverage by @nscuro in #1277
• Fix tests not being executed for PRs by @nscuro in #1278
• Move GenerateConfigDocs to DependencyTrack/jbang-catalog by @nscuro in #1284
• Remove generate-cwe-definitions.py by @nscuro in #1285
• Apply schema changes from DependencyTrack/hyades-apiserver#706 by @nscuro in #1318
• Port: Disable Maven transfer progress in CI by @nscuro in #1330
• Decouple e2e tests into separate workflow by @nscuro in #1315
• Remove Helm chart by @nscuro in #1353
• Fix invalid URL in bloated.cdx.json test file by @nscuro in #1360
• Update database schema with recent changes by @nscuro in #1362

New Contributors

• @worming004 made their first contribution in #1198
• @github-actions made their first contribution in #1197
• @cortesnoel-lm made their first contribution in #1225
• @leec94 made their first contribution in #1242

Full Changelog: v0.4.0...v0.5.0