Port changes from upstream DT release 4.10.x #983

Closed
Tracked by #860
VinodAnandan opened this issue Dec 20, 2023 · 2 comments
Labels
component/api-server; feature-gap (Things that work in vanilla Dependency-Track but don't in Hyades); good first issue (Good for newcomers); p2 (Non-critical bugs, and features that help organizations to identify and reduce risk); size/L (High effort)

Comments

VinodAnandan (Collaborator) commented Dec 20, 2023

API server:

Frontend:

| Issue / PR | Type | Description | Backported | Backport PR |
| --- | --- | --- | --- | --- |
| DependencyTrack/dependency-track#3089 | Enhancement | Use Java 21 JRE in container images | | DependencyTrack/hyades-apiserver#572 |
| DependencyTrack/dependency-track#3103 | CI | Pin digests of GitHub Actions | - | - |
| DependencyTrack/dependency-track#3104 | CI | Use strict token permissions in GitHub Actions workflows | | DependencyTrack/hyades-apiserver#572 |
| DependencyTrack/dependency-track#3118 | Enhancement | Remove CPE table and associated code | | DependencyTrack/hyades-apiserver#547 |
| DependencyTrack/dependency-track#3116 | Enhancement | Improve efficiency of index operations | n/a, search indexes have been removed in Hyades | - |
| DependencyTrack/dependency-track#2987 | Bugfix | Cannot manually rebuild search index of more than one entity type at time | n/a, search indexes have been removed in Hyades | - |
| DependencyTrack/dependency-track#3154 | Enhancement | Add retry with exponential backoff for NVD feed downloads | n/a, NVD feeds are not used in Hyades | - |
| DependencyTrack/dependency-track#3172 | Bugfix | Fix trailing comma in default Slack publisher template | | DependencyTrack/hyades-apiserver#571 |
| DependencyTrack/dependency-track#3173 | Enhancement | Add average event processing duration to Grafana dashboard | - | - |
| DependencyTrack/dependency-track#3112 | Enhancement | Add support for github component sources | | #1032, DependencyTrack/hyades-apiserver#539 |
| DependencyTrack/dependency-track#3175 | Enhancement | Add support for mirroring of the NVD via API | n/a, already implemented in Hyades | - |
| DependencyTrack/dependency-track#3194 | Bugfix | Fix NPE when affected node in OSV does not define a package | | #1072 |
| DependencyTrack/dependency-track#2876 | Enhancement | Support authentication for public / non-internal repositories | n/a, already implemented in Hyades | - |
| DependencyTrack/dependency-track#3198 | Bugfix | Fix NPE for BOM_PROCESSING_FAILED notifications when parsing of the BOM failed | | #1073 |
| DependencyTrack/dependency-track#3209 | Bugfix | Fix false positives in CPE matching due to ambiguous vendor/product relations | | #1061 |
| DependencyTrack/dependency-track#3211 | Enhancement | Improve logging for notification publishing | | #1026, DependencyTrack/hyades-apiserver#536 |
| DependencyTrack/dependency-track#3222 | Bugfix | Fix Massive deterioration of the Portfolio Vulnerability Analysis performance due to unnecessary increment in the amount of components to proceed | n/a, code no longer exists in Hyades | - |
| DependencyTrack/dependency-track#3228 | Bugfix | Fix failure to delete PolicyViolations when they have an audit trail | | DependencyTrack/hyades-apiserver#562 |
| DependencyTrack/dependency-track#3232 | Bugfix | Fix teams not being assignable to alerts with custom email publishers | | DependencyTrack/hyades-apiserver#550 |
| DependencyTrack/dependency-track#3233 | Bugfix | Fix erroneous warning log during VEX import | | DependencyTrack/hyades-apiserver#550 |
| DependencyTrack/dependency-track#3244 | Bugfix | Added a default value for the Project active field if it is null | | DependencyTrack/hyades-apiserver#550 |
| DependencyTrack/dependency-track#3245 | Bugfix | Tweak container health check to prevent wget zombie processes on slow hosts | | DependencyTrack/hyades-apiserver#550 |
| DependencyTrack/dependency-track#3246 | Bugfix | Fix NPEs in GitHub repository metadata analyzer | | #1051 |
| DependencyTrack/dependency-track#2737 | Enhancement | Add missing support for supplier and manufacturer | | DependencyTrack/hyades-apiserver#570 |
| DependencyTrack/dependency-track#3247 | Bugfix | Add migration to populate new AUTHENTICATIONREQUIRED column | na, already done in Hyades | - |
| DependencyTrack/dependency-track#3306 | Bugfix | Backport: Fix notifications not being sent for child projects where active is null | | #1051 |
| DependencyTrack/dependency-track#3308 | Bugfix | Backport: Fix NPE in VersionDistancePolicyEvaluator when project has no direct dependencies | na, NPE is handled by sql, will add a test | - |
| DependencyTrack/dependency-track#3312 | Bugfix | Backport: Fix ClassCastException when updating an existing ProjectMetadata#authors field | | DependencyTrack/hyades-apiserver#592 |
| DependencyTrack/dependency-track#3323 | Bugfix | Backport: Fix NVD API's last modified timestamp requiring restart to be applied | n/a, timestamp is stored differently in Hyades | - |
| DependencyTrack/dependency-track#3315 | Bugfix | Backport: Improve Error handling and add default version type | | #1051 |

nscuro added the p2, size/M, component/api-server and feature-gap labels Dec 20, 2023
nscuro (Member) commented Dec 20, 2023

Not anticipating this to be a big task. Main feature of 4.10 was support for the NVD REST API which Hyades already had for a long time.

VinodAnandan added the good first issue label Dec 23, 2023
nscuro pinned this issue Jan 18, 2024
nscuro added the size/L label and removed the size/M label Jan 18, 2024

VinodAnandan (Collaborator, Author) commented Jan 21, 2024

I would like to work on DependencyTrack/dependency-track#3089, DependencyTrack/dependency-track#3103, DependencyTrack/dependency-track#3104. I will try to complete them in the next 5 or 6 days.

nscuro mentioned this issue Jan 31, 2024 (34 tasks)

nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this issue Feb 8, 2024:

The original bug was in the legacy policy engine, but the CEL-based one also had it :)

Ports DependencyTrack/dependency-track#3228 from DT v4.10.0.

Relates to DependencyTrack/hyades#983

Signed-off-by: nscuro <[email protected]>

nscuro closed this as completed Feb 26, 2024
nscuro unpinned this issue Feb 26, 2024