Skip to content

[pull] master from DependencyTrack:master#2

Open
pull[bot] wants to merge 173 commits intofahedouch:masterfrom
DependencyTrack:master
Open

[pull] master from DependencyTrack:master#2
pull[bot] wants to merge 173 commits intofahedouch:masterfrom
DependencyTrack:master

Conversation

@pull
Copy link

@pull pull bot commented Jan 19, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

ch8matt and others added 6 commits November 21, 2025 11:28
@ch8matt
feat(policy): add Internal Status policy condition support
f8a7bbd 
Signed-off-by: ch8matt <g.matthieu49@gmail.com>
@ch8matt
Fix: Invert assertions in InternalStatusPolicyEvaluatorTest
eb01f19 
Signed-off-by: ch8matt <g.matthieu49@gmail.com>
@dependabot
build(deps): bump org.metaeffekt.core:ae-security
07a0ad5 
Bumps org.metaeffekt.core:ae-security from 0.150.2 to 0.151.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.151.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump github/codeql-action from 4.31.9 to 4.31.10
1c73629 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.9 to 4.31.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@5d4e8d1...cdefb33)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@nscuro
Merge pull request #5706 from DependencyTrack/dependabot/maven/org.me…
73ca83c 
…taeffekt.core-ae-security-0.151.0
@nscuro
Merge pull request #5707 from DependencyTrack/dependabot/github_actio…
0304029 
…ns/github/codeql-action-4.31.10
@pull pull bot locked and limited conversation to collaborators Jan 19, 2026
@pull pull bot added the ⤵️ pull label Jan 19, 2026
WoozyMasta and others added 22 commits January 19, 2026 17:52
@WoozyMasta
fix: performance issue with PURL lookups #5710
a6df1a3 
Signed-off-by: WoozyMasta <kagbe.leviy@gmail.com>
@nscuro
Fall back to generic versioning scheme if no PURL is available
bd89451 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5714 from nscuro/issue-5712
0c21ab9
@WoozyMasta
fix: remove manual migration
960eb24 
Signed-off-by: WoozyMasta <kagbe.leviy@gmail.com>
@dependabot
build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlse…
0325a2d 
…rver

Bumps com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.27.1 to 1.28.0.

---
updated-dependencies:
- dependency-name: com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@nscuro
Merge pull request #5715 from DependencyTrack/dependabot/maven/com.go…
378d77e 
…ogle.cloud.sql-cloud-sql-connector-jdbc-sqlserver-1.28.0
@dependabot
build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector…
5073eca 
…-j-8

Bumps com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.27.1 to 1.28.0.

---
updated-dependencies:
- dependency-name: com.google.cloud.sql:mysql-socket-factory-connector-j-8
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@nscuro
Bump versatile to 0.16.1
fb5b993 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5719 from nscuro/versatile-0.16.1
1ec3188
@nscuro
Merge pull request #5711 from WoozyMasta/fix/5710-purl-index
eb72aa7
@nscuro
Merge pull request #5685 from DependencyTrack/dependabot/maven/com.go…
978871f 
…ogle.cloud.sql-mysql-socket-factory-connector-j-8-1.28.0
@nscuro
Bump cyclonedx-core-java to 12.0.0
ba8f3b5 
Signed-off-by: Niklas <nscuro@protonmail.com>
@nscuro
Merge pull request #5721 from DependencyTrack/nscuro-patch-1
a8d82cf
@nscuro
Bump Alpine to 3.6.0
339024c 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5722 from nscuro/bump-alpine-3.6.0
0272ae1
@dependabot
build(deps): bump org.cyclonedx:cyclonedx-core-java
2987044 
Bumps [org.cyclonedx:cyclonedx-core-java](https://github.com/CycloneDX/cyclonedx-core-java) from 12.0.0 to 12.0.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-core-java/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-core-java/blob/master/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-core-java@cyclonedx-core-java-12.0.0...cyclonedx-core-java-12.0.1)

---
updated-dependencies:
- dependency-name: org.cyclonedx:cyclonedx-core-java
  dependency-version: 12.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump org.metaeffekt.core:ae-security
e93eb48 
Bumps org.metaeffekt.core:ae-security from 0.151.0 to 0.152.0.

---
updated-dependencies:
- dependency-name: org.metaeffekt.core:ae-security
  dependency-version: 0.152.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@nscuro
Merge pull request #5732 from DependencyTrack/dependabot/maven/org.cy…
43d8853 
…clonedx-cyclonedx-core-java-12.0.1
@nscuro
Merge pull request #5733 from DependencyTrack/dependabot/maven/org.me…
b728f35 
…taeffekt.core-ae-security-0.152.0
@dependabot
build(deps): bump actions/setup-java from 5.1.0 to 5.2.0
5becb16 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@f2beeb2...be666c2)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/checkout from 6.0.1 to 6.0.2
648a635 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump github/codeql-action from 4.31.10 to 4.31.11
5314dcd 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.10 to 4.31.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@cdefb33...19b2f06)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot and others added 30 commits March 9, 2026 08:04
@dependabot
build(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0
b768444 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@05fe457...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
1d60ef3 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@8d2750c...4d04d5d)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0
e3793d8 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.1 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@e368e32...57a97c7)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@nscuro
Merge pull request #5880 from DependencyTrack/dependabot/github_actio…
97b3b42 
…ns/docker/setup-buildx-action-4.0.0

build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
@nscuro
Merge pull request #5881 from DependencyTrack/dependabot/github_actio…
06d3fea 
…ns/aquasecurity/trivy-action-0.35.0

build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0
@nscuro
Merge pull request #5879 from DependencyTrack/dependabot/github_actio…
16f199d 
…ns/actions/dependency-review-action-4.9.0

build(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0
@nscuro
Merge pull request #5878 from DependencyTrack/dependabot/github_actio…
a7b85df 
…ns/docker/login-action-4.0.0

build(deps): bump docker/login-action from 3.7.0 to 4.0.0
@nscuro
Merge pull request #5877 from DependencyTrack/dependabot/github_actio…
4d6acb4 
…ns/github/codeql-action-4.32.6

build(deps): bump github/codeql-action from 4.32.4 to 4.32.6
@nscuro
Merge pull request #5876 from DependencyTrack/dependabot/maven/io.git…
f9ec1a6 
…hub.ascopes-protobuf-maven-plugin-5.0.2

build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.0.1 to 5.0.2
@nscuro
Merge pull request #5875 from DependencyTrack/dependabot/maven/org.me…
5c0fadc 
…taeffekt.core-ae-security-0.153.1

build(deps): bump org.metaeffekt.core:ae-security from 0.153.0 to 0.153.1
@nscuro
Merge pull request #5874 from DependencyTrack/dependabot/maven/org.ap…
866033a 
…ache.maven-maven-artifact-3.9.13

build(deps): bump org.apache.maven:maven-artifact from 3.9.12 to 3.9.13
@nscuro
Bump Alpine to 3.7.0
79ea260 
Signed-off-by: Niklas <nscuro@protonmail.com>
@nscuro
Merge pull request #5883 from DependencyTrack/nscuro-patch-1
b9850c1 
Bump Alpine to 3.7.0
@nscuro
Merge pull request #5844 from Virtimo/feature/issue-5843
3bd644b 
Include CVSS vectors and metadata in Finding model
@nscuro
Merge pull request #5831 from Granjow/docs/permissions
ec9df63 
Add page on users and permissions
@nscuro
Delete NVD feed timestamp files during v4.14.0 upgrade (#5886)
0698766 
This is a continuation of the existing watermark reset logic. Since the feed-based NVD mirroring does not keep watermarks in the database, we need to delete its timestamp files instead.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Bump FPF version to 1.3
faa5a98 
#5844 introduced new fields to findings
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5885 from nscuro/bump-fpf-version
f1022c8 
Bump FPF version to 1.3
@nscuro
Bump SPDX license list to v3.28.0
d539845 
Introduces 33 new licenses.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Bump CWE dictionary to v4.19.1
425a177 
Introduces 18 new CWEs.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5888 from nscuro/bump-license-list
a9e14c1 
Bump SPDX license list to v3.28.0
@nscuro
Merge pull request #5889 from nscuro/bump-cwe-dictionary-
2e0d36c 
Bump CWE dictionary to v4.19.1
@nscuro
Bump bundled frontend to 4.14.0
cd136b4 
Signed-off-by: Niklas <nscuro@protonmail.com>
@nscuro
Add changelog for 4.14.0
0bb2327 
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Merge pull request #5890 from DependencyTrack/nscuro-patch-1
3f2e39a 
Bump bundled frontend to 4.14.0
@nscuro
Merge pull request #5887 from nscuro/changelog-v4.14.0
886126d 
Add changelog for 4.14.0
@dependencytrack-bot
prepare-release: set version to 4.14.0
18fbb16
@nscuro
Update release branch in dependabot config
883c190 
Signed-off-by: Niklas <nscuro@protonmail.com>
@nscuro
Update versions in issue template for defects
df1a669 
Signed-off-by: Niklas <nscuro@protonmail.com>
@nscuro
Add release artifact checksums for 4.14.0
f7b8e4f 
Signed-off-by: Niklas <nscuro@protonmail.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@ch8matt @nscuro @WoozyMasta @brianf @Granjow @valentijnscholten @AndreVirtimo @dependencytrack-bot