0.7.0-alpha.1

What's Changed

Breaking Changes 🚨

• Decommission notification publisher by @nscuro in #1977

Enhancements 🚀

• Issue 1926 : Add support for CVSS v4 by @sahibamittal in #2024

Bug Fixes 🐛

• Add SELinux :Z suffix to docker-compose volumes by @volodymyr-jdev in #2022

Dependency Updates 🤖

• Bump docker/login-action from 3.6.0 to 3.7.0 in /.github/workflows by @dependabot[bot] in #2012
• Bump quarkus.platform.version from 3.31.0 to 3.31.1 by @dependabot[bot] in #2013
• Bump lib.protobuf-java.version from 4.33.4 to 4.33.5 by @dependabot[bot] in #2015
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0 by @dependabot[bot] in #2019
• Bump com.puppycrawl.tools:checkstyle from 13.0.0 to 13.1.0 by @dependabot[bot] in #2020
• Bump quarkus.platform.version from 3.31.1 to 3.31.2 by @dependabot[bot] in #2027
• Bump imjasonh/setup-crane from 0.4 to 0.5 in /.github/workflows by @dependabot[bot] in #2026
• Bump jbangdev/jbang-action from 0.135.1 to 0.136.0 in /.github/workflows by @dependabot[bot] in #2023
• Bump com.puppycrawl.tools:checkstyle from 13.1.0 to 13.2.0 by @dependabot[bot] in #2028
• Bump lib.open-feign.version from 13.6 to 13.7 by @dependabot[bot] in #2031
• Bump lib.open-feign.version from 13.7 to 13.8 by @dependabot[bot] in #2032
• Bump quarkus.platform.version from 3.31.2 to 3.31.3 by @dependabot[bot] in #2035

Documentation 📃

• Update config docs by @github-actions[bot] in #2011
• Add basic design documentation for the notification system by @nscuro in #2014
• Update config docs by @github-actions[bot] in #2016
• Update proto docs by @github-actions[bot] in #2029
• Update config docs by @github-actions[bot] in #2030
• Add basic design documentation for dex by @nscuro in #2033
• Update config docs by @github-actions[bot] in #2034

New Contributors

• @volodymyr-jdev made their first contribution in #2022

Full Changelog: 0.7.0-alpha.0...0.7.0-alpha.1

0.7.0-alpha.0

What's Changed

Breaking Changes 🚨

• Remove native image builds by @nscuro in #1995

Enhancements 🚀

• Enforce punctuation latency ceiling by @nscuro in #1841
• Add is_active field to Project message by @sahibamittal in #1844
• Enforce punctuation latency ceiling for scanner result aggregator by @nscuro in #1846
• Remove NVD from mirror-service by @nscuro in #1861
• Remove GitHub from mirror-service by @nscuro in #1869
• Remove EPSS from mirror-service by @nscuro in #1871
• Remove mirror-service post migration of all vuln sources to extension points by @sahibamittal in #1874
• Add ID field to notification proto by @nscuro in #1898
• Adopt notification_level enum type for NOTIFICATIONRULE table by @nscuro in #1906
• Raise minimum Postgres version to 14 by @nscuro in #1912
• Increase timeout of expected scanner results KTable by @nscuro in #1918
• Update release workflow to support prereleases by @nscuro in #2009

Bug Fixes 🐛

• Consider TimeoutException to be retryable by @nscuro in #1840
• Add null checks to NvdToCyclonedxParser by @sahibamittal in #1847
• Fix initializer in e2e tests by @nscuro in #1975

Dependency Updates 🤖

• Bump quarkus.platform.version from 3.21.3 to 3.25.2 by @dependabot[bot] in #1772
• Bump com.squareup.okio:okio from 3.11.0 to 3.16.0 by @dependabot[bot] in #1825
• Bump org.apache.maven:maven-artifact from 4.0.0-rc-3 to 4.0.0-rc-4 by @dependabot[bot] in #1804
• Bump io.smallrye:jandex-maven-plugin from 3.2.7 to 3.4.0 by @dependabot[bot] in #1817
• Bump com.icegreen:greenmail-junit5 from 2.1.3 to 2.1.5 by @dependabot[bot] in #1827
• Bump com.puppycrawl.tools:checkstyle from 10.24.0 to 11.0.0 by @dependabot[bot] in #1828
• Bump quarkus.platform.version from 3.25.2 to 3.25.3 by @dependabot[bot] in #1826
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 by @dependabot[bot] in #1833
• Bump org.testcontainers:minio from 1.21.0 to 1.21.3 by @dependabot[bot] in #1831
• Bump lib.protobuf-java.version from 4.31.1 to 4.32.0 by @dependabot[bot] in #1832
• Bump net.javacrumbs.json-unit:json-unit-assertj from 4.1.0 to 4.1.1 by @dependabot[bot] in #1834
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 by @dependabot[bot] in #1836
• Bump org.json:json from 20250107 to 20250517 by @dependabot[bot] in #1839
• Bump com.google.cloud.sql:postgres-socket-factory from 1.25.0 to 1.25.3 by @dependabot[bot] in #1838
• Bump org.xerial.snappy:snappy-java from 1.1.10.7 to 1.1.10.8 by @dependabot[bot] in #1843
• Bump lib.quarkus-mailpit.version from 1.6.4 to 1.7.0 by @dependabot[bot] in #1848
• Bump io.confluent.parallelconsumer:parallel-consumer-core from 0.5.3.2 to 0.5.3.3 by @dependabot[bot] in #1852
• Bump Quarkus to 3.25.4 by @nscuro in #1851
• Bump jbangdev/jbang-action from 0.119.0 to 0.132.1 in /.github/workflows by @dependabot[bot] in #1878
• Bump docker/build-push-action from 6.10.0 to 6.18.0 in /.github/workflows by @dependabot[bot] in #1882
• Bump peter-evans/create-pull-request from 7.0.5 to 7.0.8 in /.github/workflows by @dependabot[bot] in #1880
• Bump docker/setup-buildx-action from 3.8.0 to 3.11.1 in /.github/workflows by @dependabot[bot] in #1881
• Bump actions/checkout from 4.2.2 to 5.0.0 in /.github/workflows by @dependabot[bot] in #1877
• Bump bufbuild/buf-setup-action from 1.47.2 to 1.50.0 in /.github/workflows by @dependabot[bot] in #1886
• Bump actions/setup-python from 5.3.0 to 6.0.0 in /.github/workflows by @dependabot[bot] in #1889
• Bump actions/setup-java from 4.6.0 to 5.0.0 in /.github/workflows by @dependabot[bot] in #1888
• Bump graalvm/setup-graalvm from 1.2.6 to 1.4.1 in /.github/workflows by @dependabot[bot] in #1887
• Bump docker/setup-qemu-action from 3.2.0 to 3.6.0 in /.github/workflows by @dependabot[bot] in #1885
• Bump docker/login-action from 3.3.0 to 3.6.0 in /.github/workflows by @dependabot[bot] in #1890
• Bump actions/download-artifact from 4.1.8 to 5.0.0 in /.github/workflows by @dependabot[bot] in #1891
• Bump actions/upload-artifact from 4 to 5 in /.github/workflows by @dependabot[bot] in #1902
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 in /.github/workflows by @dependabot[bot] in #1901
• Bump actions/download-artifact from 5.0.0 to 6.0.0 in /.github/workflows by @dependabot[bot] in #1900
• Bump actions/checkout from 5.0.0 to 5.0.1 in /.github/workflows by @dependabot[bot] in #1919
• Bump actions/setup-python from 6.0.0 to 6.1.0 in /.github/workflows by @dependabot[bot] in #1925
• Bump jbangdev/jbang-action from 0.132.1 to 0.134.2 in /.github/workflows by @dependabot[bot] in #1924
• Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 in /.github/workflows by @dependabot[bot] in #1923
• Bump actions/checkout from 5.0.1 to 6.0.0 in /.github/workflows by @dependabot[bot] in #1922
• Bump docker/setup-qemu-action from 3.6.0 to 3.7.0 in /.github/workflows by @dependabot[bot] in #1909
• Bump Quarkus to 3.26.4 by @nscuro in #1931
• Bump Quarkus to 3.28.5 by @nscuro in #1932
• Update Kafka, Pebble, and Quarkus versions by @sahibamittal in #1929
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.6 by @dependabot[bot] in #1936
• Bump com.icegreen:greenmail-junit5 from 2.1.5 to 2.1.7 by @dependabot[bot] in #1935
• Bump jbangdev/jbang-action from 0.134.2 to 0.135.0 in /.github/workflows by @dependabot[bot] in #1940
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.4 in /.github/workflows by @dependabot[bot] in #1933
• Bump actions/setup-java from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot[bot] in #1938
• Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 in /.github/workflows by @dependabot[bot] in #1939
• Bump actions/checkout from 6.0.0 to 6.0.1 in /.github/workflows by @dependabot[bot] in #1937
• Bump io.smallrye:jandex-maven-plugin from 3.4.0 to 3.5.3 by @dependabot[bot] in #1944
• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.3.0 by @dependabot[bot] in #1943
• Bump com.puppycrawl.tools:checkstyle from 11.0.0 to 12.2.0 by @dependabot[bot] in #1942
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 by @dependabot[bot] in #1945
• Bump us.springett:cpe-parser from 3.0.0 to 3.0.1 by @dependabot[bot] in #1948
• Bump org.apache.maven:maven-artifact from 4.0.0-rc-4 to 4.0.0-rc-5 by @dependabot[bot] in #1946
• Bump actions/download-artifact from 6.0.0 to 7.0.0 in /.github/workflows by @dependabot[bot] in #1949
• Bump jbangdev/jbang-action from 0.135.0 to 0.135.1 in /.github/workflows by @dependabot[bot] in #194...

v0.6.0

What's Changed

Breaking Changes 🚨

• Rename kafka topic prefix for apache kafka compatibility by @sahibamittal in #1411

Enhancements 🚀

• Enable Quarkus incubating model resolver by @nscuro in #1433
• Port: Bump CWE dictionary to v4.14 by @nscuro in #1445
• Port : Add Notification For BOM_VALIDATION_FAILED by @sahibamittal in #1443
• Use native UUID type for UUID colums by @sahibamittal in #1452
• Revert "Revert "Use native UUID type for UUID colums"" by @sahibamittal in #1467
• Support idle connection eviction of database config source by @nscuro in #1475
• Add initializer container to Docker Compose by @nscuro in #1479
• Disable database connection pooling for initializer by @nscuro in #1496
• Limit memory usage of RocksDB and make it more configurable by @nscuro in #1498
• Migrate to Quarkus-native CycloneDX SBOM generation by @nscuro in #1502
• Update schema.sql for JSONB migration of DIRECT_DEPENDENCIES by @nscuro in #1516
• Enable reWriteBatchedInserts Postgres JDBC driver option in e2e tests by @nscuro in #1529
• Port : Add tag support for notifications by @sahibamittal in #1532
• Add initializer container to e2e tests by @nscuro in #1537
• Update schema with project isLatest flag by @sahibamittal in #1551
• Port : Exclude pre-releases from NuGet latest version check by @sahibamittal in #1595
• Migrate project active flag to date type inactiveSince by @sahibamittal in #1611
• Exclude NULLs from component hash indexes by @nscuro in #1647
• Mirror container images to Docker Hub by @nscuro in #1672
• Provide e2e functionality with playwright-bdd and allure report by @elAlmani in #1689
• Materialize project hierarchies in separate table by @nscuro in #1700
• Update DB schema with recent changes by @nscuro in #1738
• Update schema for new severity enum type by @sahibamittal in #1751
• Issue-1744 : Update schema.sql for metrics partition changes by @sahibamittal in #1786
• Migrate playwright-bdd e2e approach to new repository by @elAlmani in #1816
• Update initializer config in docker-compose.yaml by @nscuro in #1819

Bug Fixes 🐛

• Fix max.compaction.lag.ms to make it compatible with Apache Kafka by @sahibamittal in #1399
• Port : Fix project link for new vulnerable dependency for email by @sahibamittal in #1440
• Use /api/v1/event/token/{uuid} instead of /api/v1/bom/token/{uui} in e2e tests by @nscuro in #1528
• Fix native mirror-service not being built upon change in commons-persistence by @nscuro in #1518
• Fix scheduled e2e tests failing due to missing image tag by @nscuro in #1530
• Fix missing reflection configs for NVD model classes by @nscuro in #1596
• Port : Fix CPE matching for NVD mirroring via REST API by @sahibamittal in #1631
• Port: Handle GitHub GraphQL API rate limiting by @nscuro in #1649
• Remove buildx from native image build job by @nscuro in #1664
• Bump open-vulnerability-clients version by @sahibamittal in #1673
• Port: Disable include tag for Pebble templates by @nscuro in #1684

Dependency Updates 🤖

• Bump Redpanda to v24.1.11 by @nscuro in #1398
• Bump docker/build-push-action from 6.4.1 to 6.5.0 in /.github/workflows by @dependabot[bot] in #1405
• Bump docker/login-action from 3.2.0 to 3.3.0 in /.github/workflows by @dependabot[bot] in #1402
• Bump docker/setup-qemu-action from 3.1.0 to 3.2.0 in /.github/workflows by @dependabot[bot] in #1404
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 in /.github/workflows by @dependabot[bot] in #1403
• Bump bufbuild/buf-setup-action from 1.34.0 to 1.35.0 in /.github/workflows by @dependabot[bot] in #1401
• Bump bufbuild/buf-setup-action from 1.35.0 to 1.35.1 in /.github/workflows by @dependabot[bot] in #1413
• Bump quarkus.platform.version from 3.12.3 to 3.13.0 by @dependabot[bot] in #1412
• Bump io.smallrye:jandex-maven-plugin from 3.2.0 to 3.2.1 by @dependabot[bot] in #1421
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 in /.github/workflows by @dependabot[bot] in #1420
• Bump lib.quarkus-mailpit.version from 1.1.1 to 1.2.1 by @dependabot[bot] in #1423
• Bump org.testcontainers:minio from 1.20.0 to 1.20.1 by @dependabot[bot] in #1426
• Bump lib.quarkus-mailpit.version from 1.2.1 to 1.2.2 by @dependabot[bot] in #1425
• Update various dependencies by @nscuro in #1429
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 by @dependabot[bot] in #1431
• Bump actions/setup-java from 4.2.1 to 4.2.2 in /.github/workflows by @dependabot[bot] in #1434
• Bump bufbuild/buf-setup-action from 1.35.1 to 1.36.0 in /.github/workflows by @dependabot[bot] in #1436
• Bump Redpanda to v24.2.2 by @nscuro in #1441
• Bump quarkus.platform.version from 3.13.0 to 3.13.1 by @dependabot[bot] in #1437
• Bump docker/build-push-action from 6.5.0 to 6.6.1 in /.github/workflows by @dependabot[bot] in #1439
• Bump org.xerial.snappy:snappy-java from 1.1.10.5 to 1.1.10.6 by @dependabot[bot] in #1438
• Bump io.smallrye:jandex-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in #1444
• Bump quarkus.platform.version from 3.13.1 to 3.13.2 by @dependabot[bot] in #1448
• Bump graalvm/setup-graalvm from 1.2.2 to 1.2.3 in /.github/workflows by @dependabot[bot] in #1447
• Bump docker/build-push-action from 6.6.1 to 6.7.0 in /.github/workflows by @dependabot[bot] in #1450
• Bump com.google.cloud.sql:postgres-socket-factory from 1.19.1 to 1.20.0 by @dependabot[bot] in #1451
• Bump bufbuild/buf-setup-action from 1.36.0 to 1.37.0 in /.github/workflows by @dependabot[bot] in #1456
• Bump io.minio:minio from 8.5.11 to 8.5.12 by @dependabot[bot] in #1455
• Bump surefire-plugin.version from 3.3.1 to 3.4.0 by @dependabot[bot] in #1454
• Bump org.kohsuke:github-api from 1.323 to 1.324 by @dependabot[bot] in #1458
• Bump quarkus.platform.version from 3.13.2 to 3.13.3 by @dependabot[bot] in #1459
• Bump bufbuild/buf-setup-action from 1.37.0 to 1.38.0 in /.github/workflows by @dependabot[bot] in #1463
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.4.0 to 3.5.0 by @dependabot[bot] in #1462
• Bump com.puppycrawl.tools:checkstyle from 10.17.0 to 10.18.0 by @dependabot[bot] in #1466
• Bump bufbuild/buf-setup-action from 1.38.0 to 1.39.0 in /.github/workflows by @dependabot[bot] in #1469
• Bump surefire-plugin.version from 3.4.0 to 3.5.0 by @dependabot[bot] in #1471
• Bump quarkus.platform.version from 3.13.3 to 3.14.1 by @dependabot[bot] in #1472
• Bump lib.protobuf-java.version from 3.25.4 to 4.28.0 by @dependabot[bot] in https://github.com/...

v0.5.0

What's Changed

Enhancements 🚀

• Raise baseline Java version to 21 by @nscuro in #1098
• Load cluster ID from database on startup by @nscuro in #1165
• Handle duplicate issues reported by Snyk by @nscuro in #1168
• Use /dev/urandom instead of openssl rand to generate secret key by @nscuro in #1173
• Run builds and CI on feature branches by @nscuro in #1192
• Add EPSS mirroring to mirror-service by @sahibamittal in #1135
• Wrap jdbc url environment variables in with conditional by @cortesnoel-lm in #1225
• Add dtrack.vuln-analysis.result.processed topic by @nscuro in #1166
• Issue 947 : Add table vulnerability_tags in schema by @sahibamittal in #1212
• Display percentiles for event processing durations on Grafana dashboard by @nscuro in #1193
• Introduce config-dependencytrack Quarkus extension by @nscuro in #1223
• Pull config via @ConfigProperty in notification-publisher by @nscuro in #1229
• Pull config via @ConfigProperty in mirror-service by @nscuro in #1236
• Update schema for clone project workflow by @sahibamittal in #1293
• Add mode of operation in Vulnerability policy by @sahibamittal in #1250
• Add CVSS and OWASP vectors to notification proto by @nscuro in #1303
• Port: Configurable email subject prefix by @leec94 in #1307
• Port: Bump CWE dictionary to v4.13 by @nscuro in #1322
• Schema change to add component property by @sahibamittal in #1323
• Port: add hackage and nixpkgs analyzers by @sahibamittal in #1332
• Port: Webhook alert token and new user alerts by @sahibamittal in #1338
• Port: Add the project name and project URL to bom processing notifications by @nscuro in #1342
• Update schema for Component Property by @sahibamittal in #1344
• Update CDX schema to v1.6 by @sahibamittal in #1382

Bug Fixes 🐛

• Fix broken e2e tests due to Quarkus RestClient requiring CDI context by @nscuro in #1170
• De-duplicate Snyk vulnerabilities by ID by @nscuro in #1182
• Fix mapping of CPEs to vers ranges when version is NA (-) by @nscuro in #1180
• Add date format to support offset in nuget analyser by @sahibamittal in #1264
• Fix broken email notifications in e2e test by @nscuro in #1266
• Fix parsing of decimal numbers in non-English locales by @nscuro in #1273
• Fix CVSS version detection for OSV by @nscuro in #1296
• Fix inconsistent source identifier for GitHub Advisories by @nscuro in #1298
• Fix VulnerabilityPolicyE2ET by @nscuro in #1304
• Port: withdrawn check for github advisory by @sahibamittal in #1305
• Port fix for npm purls with special characters by @sahibamittal in #1309
• Fix CVSS vectors missing from e2e notification asserts by @nscuro in #1308
• Fix role "root" does not exist in postgres healthcheck by @nscuro in #1321
• Port: Fix Slack notifications failing when no base URL is configured + Add tests for NewVulnerableDependencySubject by @sahibamittal in #1314
• Fix e2e tests failing to get API keys by @nscuro in #1334
• Gracefully handle MalformedVectorExceptions for invalid CVSS vectors by @nscuro in #1388

Dependency Updates 🤖

• Bump org.testcontainers:minio from 1.19.6 to 1.19.7 by @dependabot in #1120
• Bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 in /.github/workflows by @dependabot in #1122
• Bump quarkus.platform.version from 3.8.1 to 3.8.2 by @dependabot in #1123
• Bump docker/build-push-action from 5.1.0 to 5.2.0 in /.github/workflows by @dependabot in #1126
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-12 to 4.0.0-alpha-13 by @dependabot in #1125
• Bump io.github.jeremylong:open-vulnerability-clients from 5.1.2 to 6.0.0 by @dependabot in #1124
• Bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.14.1 by @dependabot in #1127
• Bump com.google.cloud.sql:postgres-socket-factory from 1.16.0 to 1.17.0 by @dependabot in #1131
• Bump com.squareup.okio:okio from 3.8.0 to 3.9.0 by @dependabot in #1130
• Bump actions/checkout from 4.1.1 to 4.1.2 in /.github/workflows by @dependabot in #1129
• Bump graalvm/setup-graalvm from 1.1.8.1 to 1.1.8.2 in /.github/workflows by @dependabot in #1128
• Bump actions/setup-java from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1132
• Bump docker/login-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1133
• Bump io.smallrye:jandex-maven-plugin from 3.1.6 to 3.1.7 by @dependabot in #1136
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 in /.github/workflows by @dependabot in #1139
• Bump docker/build-push-action from 5.2.0 to 5.3.0 in /.github/workflows by @dependabot in #1137
• Bump actions/setup-java from 4.2.0 to 4.2.1 in /.github/workflows by @dependabot in #1138
• Bump com.puppycrawl.tools:checkstyle from 10.14.1 to 10.14.2 by @dependabot in #1140
• Bump org.kohsuke:github-api from 1.319 to 1.320 by @dependabot in #1141
• Bump com.google.cloud.sql:postgres-socket-factory from 1.17.0 to 1.17.1 by @dependabot in #1142
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #1143
• Bump quarkus.platform.version from 3.8.2 to 3.8.3 by @dependabot in #1145
• Bump org.kohsuke:github-api from 1.320 to 1.321 by @dependabot in #1150
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #1157
• Bump bufbuild/buf-breaking-action from 1.1.3 to 1.1.4 in /.github/workflows by @dependabot in #1158
• Bump bufbuild/buf-lint-action from 1.1.0 to 1.1.1 in /.github/workflows by @dependabot in #1159
• Bump actions/setup-python from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #1160
• Bump io.github.jeremylong:open-vulnerability-clients from 6.0.0 to 6.0.1 by @dependabot in #1161
• Bump com.puppycrawl.tools:checkstyle from 10.14.2 to 10.15.0 by @dependabot in #1167
• Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #1169
• Bump quarkus.platform.version from 3.8.3 to 3.9.1 by @dependabot in #1163
• Bump bufbuild/buf-setup-action from 1.30.0 to 1.30.1 in /.github/workflows by @dependabot in #1172
• Bump quarkus.platform.version from 3.9.1 to 3.9.2 by @dependabot in #1171
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 in /.github/workflows by @dependabot in #1177
• Bump quarkus.platform.version from 3.9.2 to 3.9.3 by @dependabot in #1183
• Bump azure/setup-helm from 3.5 to 4 in /.github/workflows by @dependabot in #1185
• Bump graalvm/setup-graalvm from 1.1.8.2 to 1.2.1 in /.github/workflows by @dependabot in https://github.com/DependencyTrack/hyades/pull/...

v0.4.0

What's Changed

Enhancements 🚀

• Emit logs as WARN when encountering retryable exceptions by @nscuro in #1102
• Bump container base images to Java 21, and build against Java 21 in CI by @nscuro in #1095

Bug Fixes 🐛

• Port notification publisher fixes and tests by @nscuro in #1073
• Fix generate-bom-testdata.sh failing due to removed ZAP image by @nscuro in #1109

Dependency Updates 🤖

• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.4 to 3.2.5 by @dependabot in #1084
• Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.35.1 to 2.35.2 by @dependabot in #1083
• Bump io.github.jeremylong:open-vulnerability-clients from 5.1.1 to 5.1.2 by @dependabot in #1082
• Bump org.kohsuke:github-api from 1.318 to 1.319 by @dependabot in #1085
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.5 to 3.2.7 by @dependabot in #1088
• Bump quarkus.platform.version from 3.7.3 to 3.7.4 by @dependabot in #1086
• Bump org.testcontainers:minio from 1.19.5 to 1.19.6 by @dependabot in #1087
• Bump Redpanda and Redpanda Console by @nscuro in #1089
• Bump graalvm/setup-graalvm from 1.1.5.1 to 1.1.8.1 in /.github/workflows by @dependabot in #1090
• Bump com.fasterxml.uuid:java-uuid-generator from 4.3.0 to 5.0.0 by @dependabot in #1091
• Bump actions/download-artifact from 4.1.2 to 4.1.3 in /.github/workflows by @dependabot in #1097
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1100
• Bump actions/setup-java from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #1099
• Bump com.puppycrawl.tools:checkstyle from 10.13.0 to 10.14.0 by @dependabot in #1106
• Bump quarkus.platform.version from 3.7.4 to 3.8.1 by @dependabot in #1105
• Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /notification-publisher/src/main/docker by @dependabot in #1113
• Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /mirror-service/src/main/docker by @dependabot in #1112
• Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /vulnerability-analyzer/src/main/docker by @dependabot in #1111
• Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /repository-meta-analyzer/src/main/docker by @dependabot in #1110
• Bump org.json:json from 20240205 to 20240303 by @dependabot in #1115
• Bump io.minio:minio from 8.5.8 to 8.5.9 by @dependabot in #1116
• Bump actions/download-artifact from 4.1.3 to 4.1.4 in /.github/workflows by @dependabot in #1117

Other Changes

• Rename kafka topic prefix config by @sahibamittal in #1081
• Don't assert order of findings returned by REST API in e2e test by @nscuro in #1104
• removed usage of mockserver by @mehab in #1119
• Synchronize DB schema with API server by @nscuro in #1114

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

Enhancements 🚀

• Reduce default HTTP client timeouts by @nscuro in #902
• Rename package org.hyades to org.dependencytrack by @mehab in #922
• Add support for github meta analyzer by @sahibamittal in #1032
• Tweak Kafka Streams config by @nscuro in #1043
• Improve Docker Compose setup by @nscuro in #1065
• Move test data from load-tests to testdata by @nscuro in #1066
• Add some simple helper scripts by @nscuro in #1067

Bug Fixes 🐛

• Fix line break issues when cloning repository on Windows by @nscuro in #913
• Fix missing check for NotificationRule enablement by @nscuro in #946
• Fix confusion of IDs when SNYK- vulnerabilities are reported in problems array by @nscuro in #985
• Fix broken native build caused by Cloud SQL socket factory by @nscuro in #1042
• Backport minor bug fixes by @sahibamittal in #1051
• Fix Hibernate exception due to null being assigned to primitive boolean by @nscuro in #1060
• Fix false positives in CPE matching due to ambiguous vendor/product relations by @nscuro in #1061

Dependency Updates 🤖

• Bump graalvm/setup-graalvm from 1.1.4.2 to 1.1.5.1 in /.github/workflows by @dependabot in #895
• Bump helm/chart-testing-action from 2.6.0 to 2.6.1 in /.github/workflows by @dependabot in #896
• Align Protobuf version with API server by @nscuro in #897
• Bump surefire-plugin.version from 3.2.1 to 3.2.2 by @dependabot in #898
• Bump io.github.jeremylong:open-vulnerability-clients from 5.0.0 to 5.0.1 by @dependabot in #900
• Bump lib.protobuf-java.version from 3.24.4 to 3.25.0 by @dependabot in #899
• Bump com.github.package-url:packageurl-java from 1.4.1 to 1.4.2 by @dependabot in #903
• Bump quarkus.platform.version from 3.5.0 to 3.5.1 by @dependabot in #904
• Bump com.google.cloud.sql:postgres-socket-factory from 1.14.1 to 1.15.0 by @dependabot in #908
• Bump bufbuild/buf-setup-action from 1.27.2 to 1.28.0 in /.github/workflows by @dependabot in #906
• Bump com.puppycrawl.tools:checkstyle from 10.12.4 to 10.12.5 by @dependabot in #909
• Bump lib.protobuf-java.version from 3.25.0 to 3.25.1 by @dependabot in #912
• Bump bufbuild/buf-setup-action from 1.28.0 to 1.28.1 in /.github/workflows by @dependabot in #911
• Bump quarkus.platform.version from 3.5.1 to 3.5.2 by @dependabot in #917
• Bump docker/build-push-action from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #918
• Bump us.springett:cpe-parser from 2.0.3 to 2.1.0 by @dependabot in #920
• Bump com.icegreen:greenmail-junit5 from 2.0.0 to 2.0.1 by @dependabot in #919
• Bump quarkus.platform.version from 3.5.2 to 3.5.3 by @dependabot in #923
• Bump io.github.jeremylong:open-vulnerability-clients from 5.0.1 to 5.0.2 by @dependabot in #933
• Bump io.github.jeremylong:open-vulnerability-clients from 5.0.2 to 5.0.3 by @dependabot in #936
• Bump io.pebbletemplates:pebble from 3.2.1 to 3.2.2 by @dependabot in #935
• Bump io.smallrye:jandex-maven-plugin from 3.1.5 to 3.1.6 by @dependabot in #934
• Bump actions/setup-java from 3.13.0 to 4.0.0 in /.github/workflows by @dependabot in #944
• Bump actions/setup-python from 4.7.1 to 4.8.0 in /.github/workflows by @dependabot in #951
• Bump actions/setup-python from 4.8.0 to 5.0.0 in /.github/workflows by @dependabot in #953
• Bump com.puppycrawl.tools:checkstyle from 10.12.5 to 10.12.6 by @dependabot in #952
• Bump io.github.jeremylong:open-vulnerability-clients from 5.0.3 to 5.1.0 by @dependabot in #948
• Bump lib.kafka.version from 3.6.0 to 3.6.1 by @dependabot in #949
• Bump com.github.package-url:packageurl-java from 1.4.2 to 1.5.0 by @dependabot in #958
• Bump actions/download-artifact from 3.0.2 to 4.0.0 in /.github/workflows by @dependabot in #972
• Bump actions/upload-artifact from 3.1.3 to 4.0.0 in /.github/workflows by @dependabot in #971
• Bump surefire-plugin.version from 3.2.2 to 3.2.3 by @dependabot in #970
• Bump com.google.cloud.sql:postgres-socket-factory from 1.15.0 to 1.15.1 by @dependabot in #963
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-8 to 4.0.0-alpha-9 by @dependabot in #962
• Bump lib.resilience4j.version from 2.1.0 to 2.2.0 by @dependabot in #975
• Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in #974
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.0 by @dependabot in #980
• Bump actions/download-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #981
• Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 by @dependabot in #978
• Bump com.squareup.okio:okio from 3.6.0 to 3.7.0 by @dependabot in #979
• Bump Redpanda to v23.2.21 by @nscuro in #988
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.0 to 3.12.1 by @dependabot in #990
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-9 to 4.0.0-alpha-10 by @dependabot in #989
• Bump com.puppycrawl.tools:checkstyle from 10.12.6 to 10.12.7 by @dependabot in #992
• Bump quarkus.platform.version from 3.5.3 to 3.6.4 by @dependabot in #984
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.0 by @dependabot in #991
• Bump org.assertj:assertj-core from 3.25.0 to 3.25.1 by @dependabot in #995
• Bump surefire-plugin.version from 3.2.3 to 3.2.5 by @dependabot in #1000
• Bump actions/download-artifact from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #1002
• Bump lib.protobuf-java.version from 3.25.1 to 3.25.2 by @dependabot in #1003
• Bump quarkus.platform.version from 3.6.4 to 3.6.5 by @dependabot in #1004
• Bump actions/upload-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #1010
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-10 to 4.0.0-alpha-12 by @dependabot in #1011
• Bump com.google.cloud.sql:postgres-socket-factory from 1.15.1 to 1.15.2 by @dependabot in #1017
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #1014
• Bump quarkus.platform.version from 3.6.5 to 3.6.6 by @dependabot in #1013
• Bump actions/upload-artifact from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1018
• Bump quarkus.platform.version from 3.6.6 to 3.6.7 by @dependabot in #1029
• Bump actions/upload-artifact from 4.2.0 to 4.3.0 in /.github/workflows by @dependabot in #1028
• Bump bufbuild/buf-setup-action from 1.28.1 to 1.29.0 in /.github/workflows by @dependabot in #1033
• Bump org.assertj:assertj-core from 3.25.1 to 3.25.2 by @dependabot in #1034
• Bump Redpanda to v23.3.3 by @nscuro in https://github.com/DependencyTrack/hyades/pu...

v0.2.0

What's Changed

Enhancements 🚀

• Bump CWE dictionary to v4.12 by @nscuro in #859
• Build and publish native images on release by @nscuro in #867
• Include Cloud SQL database connector for PostgreSQL by @nscuro in #870

Bug Fixes 🐛

• Fix failing setup-graalvm action by @nscuro in #852
• Fix false negatives in NVD CPE matching by @nscuro in #861
• Fix repartition.purge.interval.ms not being configurable via environment variables by @nscuro in #878

Dependency Updates 🤖

• Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4 by @dependabot in #830
• Bump actions/setup-python from 4.7.0 to 4.7.1 in /.github/workflows by @dependabot in #832
• Bump quarkus.platform.version from 3.4.1 to 3.4.2 by @dependabot in #837
• bump kafka lib version by @VithikaS in #839
• Bump bufbuild/buf-setup-action from 1.26.1 to 1.27.0 in /.github/workflows by @dependabot in #841
• Bump bufbuild/buf-lint-action from 1.0.3 to 1.1.0 in /.github/workflows by @dependabot in #847
• Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 by @dependabot in #851
• Bump quarkus.platform.version from 3.4.2 to 3.4.3 by @dependabot in #848
• Bump org.json:json from 20230618 to 20231013 by @dependabot in #850
• Remove dependency on cyclonedx-core-java by @nscuro in #855
• Bump bufbuild/buf-setup-action from 1.27.0 to 1.27.1 in /.github/workflows by @dependabot in #856
• Bump actions/checkout from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #857
• Bump surefire-plugin.version from 3.1.2 to 3.2.1 by @dependabot in #871
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in #874
• Bump org.apache.maven:maven-artifact from 4.0.0-alpha-7 to 4.0.0-alpha-8 by @dependabot in #876
• Bump quarkus.platform.version from 3.4.3 to 3.5.0 by @dependabot in #875
• Bump frontend to 4.9.0 by @nscuro in #882
• Bump Redpanda to v23.2.13 and Console to v2.3.5 by @nscuro in #879
• Bump PostgreSQL image to 16 by @nscuro in #880
• Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2 in /.github/workflows by @dependabot in #886
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in #885
• Bump helm/chart-testing-action from 2.4.0 to 2.6.0 in /.github/workflows by @dependabot in #889
• Bump returntocorp/semgrep-action from 0.57.0 to 0.58.0 in /.github/workflows by @dependabot in #891
• Compose: Use latest for Hyades images; Bump frontend to 4.9.1 by @nscuro in #892

Other Changes

• temp workaround to be reveretd after snyk fix by @VithikaS in #836
• bumped Jeremy's library and fixed breaking changes by @mehab in #840
• fixed failing unit test in main by @mehab in #843
• increase max request size by @VithikaS in #846
• Integrate Integrity metadata in repo-meta-analyzer by @sahibamittal in #835
• add component uuid to proto by @VithikaS in #853
• Add documentation for CEL policies by @nscuro in #829
• Update CODEOWNERS by @nscuro in #869
• Build and publish docs upon release by @nscuro in #868
• Increase timeout of test workflows by @nscuro in #877
• Reduce log level when package type is not supported by @VithikaS in #890
• Bump frontend in Helm chart to 4.9.1 by @nscuro in #893

Full Changelog: v0.1.5...v0.2.0

v0.1.5

What's Changed

Enhancements 🚀

• Add mapping of snyk meta errors in new API by @sahibamittal in #820

Dependency Updates 🤖

• Bump actions/checkout from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #827
• Bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 by @dependabot in #826
• Bump io.smallrye:jandex-maven-plugin from 3.1.3 to 3.1.5 by @dependabot in #825
• Bump org.xerial.snappy:snappy-java from 1.1.10.4 to 1.1.10.5 by @dependabot in #828

Other Changes

• version bump by @VithikaS in #833

Full Changelog: v0.1.4...v0.1.5

v0.1.4

What's Changed

Enhancements 🚀

• Make replicaCount configurable for mirror-service by @nscuro in #783
• Update Helm Chart and Minikube setup to accommodate for multi-replica API server by @nscuro in #717
• Added correlation token in notification subjects by @sahibamittal in #799

Dependency Updates 🤖

• Bump docker/setup-buildx-action from 2.10.0 to 3.0.0 in /.github/workflows by @dependabot in #805
• Bump docker/login-action from 2.2.0 to 3.0.0 in /.github/workflows by @dependabot in #804
• Bump docker/setup-qemu-action from 2.2.0 to 3.0.0 in /.github/workflows by @dependabot in #803
• Bump docker/build-push-action from 4.2.1 to 5.0.0 in /.github/workflows by @dependabot in #802
• Bump com.fasterxml.uuid:java-uuid-generator from 4.2.0 to 4.3.0 by @dependabot in #801
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.0.0 to 3.1.0 by @dependabot in #800
• Bump Redpanda images to v23.2.8 by @nscuro in #806
• Bump quarkus.platform.version from 3.3.2 to 3.3.3 by @dependabot in #809
• Bump net.javacrumbs.json-unit:json-unit-assertj from 3.1.0 to 3.2.2 by @dependabot in #810
• Bump graalvm/setup-graalvm from 1.1.3.1 to 1.1.4.2 in /.github/workflows by @dependabot in #816
• Bump actions/setup-java from 3.12.0 to 3.13.0 in /.github/workflows by @dependabot in #817
• Bump quarkus.platform.version from 3.3.3 to 3.4.1 by @dependabot in #815

Other Changes

• Id from source for snyk legacy vulnerability by @VithikaS in #811
• Feature/support go with snyk and ossIndex by @mehab in #812
• bumped version for release by @mehab in #819

Full Changelog: v0.1.3...v0.1.4

v0.1.3

What's Changed

Enhancements 🚀

• Ensure consistent formatting of notification timestamps by @nscuro in #795

Bug Fixes 🐛

• Fix grammatical number of vulnerabilities in ProjectVulnAnalysisCompleteSubject by @nscuro in #781
• Fix batches not being submitted even though batchStore contains records by @nscuro in #788
• Fix potential TopologyException when running multiple vulnerability-analyzer instances by @nscuro in #796

Dependency Updates 🤖

• Bump io.confluent.parallelconsumer:parallel-consumer-core from 0.5.2.6 to 0.5.2.7 by @dependabot in #780
• Bump us.springett:cpe-parser from 2.0.2 to 2.0.3 by @dependabot in #785
• Bump actions/checkout from 3.6.0 to 4.0.0 in /.github/workflows by @dependabot in #784
• Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.35.0 to 2.35.1 by @dependabot in #790
• Bump graalvm/setup-graalvm from 1.1.2.1 to 1.1.3.1 in /.github/workflows by @dependabot in #793
• Bump actions/upload-artifact from 3.1.2 to 3.1.3 in /.github/workflows by @dependabot in #792
• Bump returntocorp/semgrep-action from 0.56.0 to 0.57.0 in /.github/workflows by @dependabot in #791
• Bump quarkus.platform.version from 3.3.1 to 3.3.2 by @dependabot in #789
• Bump docker/build-push-action from 4.1.1 to 4.2.1 in /.github/workflows by @dependabot in #798

Other Changes

• Update cvssv3 assertion in BomUploadProcessingE2ET by @sahibamittal in #786
• Add e2e test for delayed BOM_PROCESSED notification by @nscuro in #787
• Bump version to 0.1.3-SNAPSHOT by @VithikaS in #794

Full Changelog: v0.1.2...v0.1.3