Releases: DependencyTrack/hyades

v0.5.0

18 Jul 15:49

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Fix broken e2e tests due to Quarkus RestClient requiring CDI context by @nscuro in #1170
  • De-duplicate Snyk vulnerabilities by ID by @nscuro in #1182
  • Fix mapping of CPEs to vers ranges when version is NA (-) by @nscuro in #1180
  • Add date format to support offset in nuget analyser by @sahibamittal in #1264
  • Fix broken email notifications in e2e test by @nscuro in #1266
  • Fix parsing of decimal numbers in non-English locales by @nscuro in #1273
  • Fix CVSS version detection for OSV by @nscuro in #1296
  • Fix inconsistent source identifier for GitHub Advisories by @nscuro in #1298
  • Fix VulnerabilityPolicyE2ET by @nscuro in #1304
  • Port: withdrawn check for github advisory by @sahibamittal in #1305
  • Port fix for npm purls with special characters by @sahibamittal in #1309
  • Fix CVSS vectors missing from e2e notification asserts by @nscuro in #1308
  • Fix role "root" does not exist in postgres healthcheck by @nscuro in #1321
  • Port: Fix Slack notifications failing when no base URL is configured + Add tests for NewVulnerableDependencySubject by @sahibamittal in #1314
  • Fix e2e tests failing to get API keys by @nscuro in #1334
  • Gracefully handle MalformedVectorExceptions for invalid CVSS vectors by @nscuro in #1388

Dependency Updates 🤖

  • Bump org.testcontainers:minio from 1.19.6 to 1.19.7 by @dependabot in #1120
  • Bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 in /.github/workflows by @dependabot in #1122
  • Bump quarkus.platform.version from 3.8.1 to 3.8.2 by @dependabot in #1123
  • Bump docker/build-push-action from 5.1.0 to 5.2.0 in /.github/workflows by @dependabot in #1126
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-12 to 4.0.0-alpha-13 by @dependabot in #1125
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.1.2 to 6.0.0 by @dependabot in #1124
  • Bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.14.1 by @dependabot in #1127
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.16.0 to 1.17.0 by @dependabot in #1131
  • Bump com.squareup.okio:okio from 3.8.0 to 3.9.0 by @dependabot in #1130
  • Bump actions/checkout from 4.1.1 to 4.1.2 in /.github/workflows by @dependabot in #1129
  • Bump graalvm/setup-graalvm from 1.1.8.1 to 1.1.8.2 in /.github/workflows by @dependabot in #1128
  • Bump actions/setup-java from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1132
  • Bump docker/login-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1133
  • Bump io.smallrye:jandex-maven-plugin from 3.1.6 to 3.1.7 by @dependabot in #1136
  • Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 in /.github/workflows by @dependabot in #1139
  • Bump docker/build-push-action from 5.2.0 to 5.3.0 in /.github/workflows by @dependabot in #1137
  • Bump actions/setup-java from 4.2.0 to 4.2.1 in /.github/workflows by @dependabot in #1138
  • Bump com.puppycrawl.tools:checkstyle from 10.14.1 to 10.14.2 by @dependabot in #1140
  • Bump org.kohsuke:github-api from 1.319 to 1.320 by @dependabot in #1141
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.17.0 to 1.17.1 by @dependabot in #1142
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #1143
  • Bump quarkus.platform.version from 3.8.2 to 3.8.3 by @dependabot in #1145
  • Bump org.kohsuke:github-api from 1.320 to 1.321 by @dependabot in #1150
  • Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #1157
  • Bump bufbuild/buf-breaking-action from 1.1.3 to 1.1.4 in /.github/workflows by @dependabot in #1158
  • Bump bufbuild/buf-lint-action from 1.1.0 to 1.1.1 in /.github/workflows by @dependabot in #1159
  • Bump actions/setup-python from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #1160
  • Bump io.github.jeremylong:open-vulnerability-clients from 6.0.0 to 6.0.1 by @dependabot in #1161
  • Bump com.puppycrawl.tools:checkstyle from 10.14.2 to 10.15.0 by @dependabot in #1167
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #1169
  • Bump quarkus.platform.version from 3.8.3 to 3.9.1 by @dependabot in #1163
  • Bump bufbuild/buf-setup-action from 1.30.0 to 1.30.1 in /.github/workflows by @dependabot in #1172
  • Bump quarkus.platform.version from 3.9.1 to 3.9.2 by @dependabot in #1171
  • Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 in /.github/workflows by @dependabot in #1177
  • Bump quarkus.platform.version from 3.9.2 to 3.9.3 by @dependabot in #1183
  • Bump azure/setup-helm from 3.5 to 4 in /.github/workflows by @dependabot in #1185
  • Bump graalvm/setup-graalvm from 1.1.8.2 to 1.2.1 in /.github/workflows by @dependabot in https://github.com/DependencyTrack/hyades/pull/...

v0.4.0

05 Mar 16:11

What's Changed

Enhancements 🚀

  • Emit logs as WARN when encountering retryable exceptions by @nscuro in #1102
  • Bump container base images to Java 21, and build against Java 21 in CI by @nscuro in #1095

Bug Fixes 🐛

  • Port notification publisher fixes and tests by @nscuro in #1073
  • Fix generate-bom-testdata.sh failing due to removed ZAP image by @nscuro in #1109

Dependency Updates 🤖

  • Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.4 to 3.2.5 by @dependabot in #1084
  • Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.35.1 to 2.35.2 by @dependabot in #1083
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.1.1 to 5.1.2 by @dependabot in #1082
  • Bump org.kohsuke:github-api from 1.318 to 1.319 by @dependabot in #1085
  • Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.5 to 3.2.7 by @dependabot in #1088
  • Bump quarkus.platform.version from 3.7.3 to 3.7.4 by @dependabot in #1086
  • Bump org.testcontainers:minio from 1.19.5 to 1.19.6 by @dependabot in #1087
  • Bump Redpanda and Redpanda Console by @nscuro in #1089
  • Bump graalvm/setup-graalvm from 1.1.5.1 to 1.1.8.1 in /.github/workflows by @dependabot in #1090
  • Bump com.fasterxml.uuid:java-uuid-generator from 4.3.0 to 5.0.0 by @dependabot in #1091
  • Bump actions/download-artifact from 4.1.2 to 4.1.3 in /.github/workflows by @dependabot in #1097
  • Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 in /.github/workflows by @dependabot in #1100
  • Bump actions/setup-java from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #1099
  • Bump com.puppycrawl.tools:checkstyle from 10.13.0 to 10.14.0 by @dependabot in #1106
  • Bump quarkus.platform.version from 3.7.4 to 3.8.1 by @dependabot in #1105
  • Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /notification-publisher/src/main/docker by @dependabot in #1113
  • Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /mirror-service/src/main/docker by @dependabot in #1112
  • Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /vulnerability-analyzer/src/main/docker by @dependabot in #1111
  • Bump bellsoft/liberica-openjdk-alpine-musl from 21.0.1-16 to 21.0.2-14 in /repository-meta-analyzer/src/main/docker by @dependabot in #1110
  • Bump org.json:json from 20240205 to 20240303 by @dependabot in #1115
  • Bump io.minio:minio from 8.5.8 to 8.5.9 by @dependabot in #1116
  • Bump actions/download-artifact from 4.1.3 to 4.1.4 in /.github/workflows by @dependabot in #1117

Other Changes

Full Changelog: v0.3.0...v0.4.0

v0.3.0

19 Feb 10:08

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Fix line break issues when cloning repository on Windows by @nscuro in #913
  • Fix missing check for NotificationRule enablement by @nscuro in #946
  • Fix confusion of IDs when SNYK- vulnerabilities are reported in problems array by @nscuro in #985
  • Fix broken native build caused by Cloud SQL socket factory by @nscuro in #1042
  • Backport minor bug fixes by @sahibamittal in #1051
  • Fix Hibernate exception due to null being assigned to primitive boolean by @nscuro in #1060
  • Fix false positives in CPE matching due to ambiguous vendor/product relations by @nscuro in #1061

Dependency Updates 🤖

  • Bump graalvm/setup-graalvm from 1.1.4.2 to 1.1.5.1 in /.github/workflows by @dependabot in #895
  • Bump helm/chart-testing-action from 2.6.0 to 2.6.1 in /.github/workflows by @dependabot in #896
  • Align Protobuf version with API server by @nscuro in #897
  • Bump surefire-plugin.version from 3.2.1 to 3.2.2 by @dependabot in #898
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.0 to 5.0.1 by @dependabot in #900
  • Bump lib.protobuf-java.version from 3.24.4 to 3.25.0 by @dependabot in #899
  • Bump com.github.package-url:packageurl-java from 1.4.1 to 1.4.2 by @dependabot in #903
  • Bump quarkus.platform.version from 3.5.0 to 3.5.1 by @dependabot in #904
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.14.1 to 1.15.0 by @dependabot in #908
  • Bump bufbuild/buf-setup-action from 1.27.2 to 1.28.0 in /.github/workflows by @dependabot in #906
  • Bump com.puppycrawl.tools:checkstyle from 10.12.4 to 10.12.5 by @dependabot in #909
  • Bump lib.protobuf-java.version from 3.25.0 to 3.25.1 by @dependabot in #912
  • Bump bufbuild/buf-setup-action from 1.28.0 to 1.28.1 in /.github/workflows by @dependabot in #911
  • Bump quarkus.platform.version from 3.5.1 to 3.5.2 by @dependabot in #917
  • Bump docker/build-push-action from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #918
  • Bump us.springett:cpe-parser from 2.0.3 to 2.1.0 by @dependabot in #920
  • Bump com.icegreen:greenmail-junit5 from 2.0.0 to 2.0.1 by @dependabot in #919
  • Bump quarkus.platform.version from 3.5.2 to 3.5.3 by @dependabot in #923
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.1 to 5.0.2 by @dependabot in #933
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.2 to 5.0.3 by @dependabot in #936
  • Bump io.pebbletemplates:pebble from 3.2.1 to 3.2.2 by @dependabot in #935
  • Bump io.smallrye:jandex-maven-plugin from 3.1.5 to 3.1.6 by @dependabot in #934
  • Bump actions/setup-java from 3.13.0 to 4.0.0 in /.github/workflows by @dependabot in #944
  • Bump actions/setup-python from 4.7.1 to 4.8.0 in /.github/workflows by @dependabot in #951
  • Bump actions/setup-python from 4.8.0 to 5.0.0 in /.github/workflows by @dependabot in #953
  • Bump com.puppycrawl.tools:checkstyle from 10.12.5 to 10.12.6 by @dependabot in #952
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.3 to 5.1.0 by @dependabot in #948
  • Bump lib.kafka.version from 3.6.0 to 3.6.1 by @dependabot in #949
  • Bump com.github.package-url:packageurl-java from 1.4.2 to 1.5.0 by @dependabot in #958
  • Bump actions/download-artifact from 3.0.2 to 4.0.0 in /.github/workflows by @dependabot in #972
  • Bump actions/upload-artifact from 3.1.3 to 4.0.0 in /.github/workflows by @dependabot in #971
  • Bump surefire-plugin.version from 3.2.2 to 3.2.3 by @dependabot in #970
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.15.0 to 1.15.1 by @dependabot in #963
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-8 to 4.0.0-alpha-9 by @dependabot in #962
  • Bump lib.resilience4j.version from 2.1.0 to 2.2.0 by @dependabot in #975
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in #974
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.0 by @dependabot in #980
  • Bump actions/download-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #981
  • Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 by @dependabot in #978
  • Bump com.squareup.okio:okio from 3.6.0 to 3.7.0 by @dependabot in #979
  • Bump Redpanda to v23.2.21 by @nscuro in #988
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.0 to 3.12.1 by @dependabot in #990
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-9 to 4.0.0-alpha-10 by @dependabot in #989
  • Bump com.puppycrawl.tools:checkstyle from 10.12.6 to 10.12.7 by @dependabot in #992
  • Bump quarkus.platform.version from 3.5.3 to 3.6.4 by @dependabot in #984
  • Bump org.assertj:assertj-core from 3.24.2 to 3.25.0 by @dependabot in #991
  • Bump org.assertj:assertj-core from 3.25.0 to 3.25.1 by @dependabot in #995
  • Bump surefire-plugin.version from 3.2.3 to 3.2.5 by @dependabot in #1000
  • Bump actions/download-artifact from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #1002
  • Bump lib.protobuf-java.version from 3.25.1 to 3.25.2 by @dependabot in #1003
  • Bump quarkus.platform.version from 3.6.4 to 3.6.5 by @dependabot in #1004
  • Bump actions/upload-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #1010
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-10 to 4.0.0-alpha-12 by @dependabot in #1011
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.15.1 to 1.15.2 by @dependabot in #1017
  • Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #1014
  • Bump quarkus.platform.version from 3.6.5 to 3.6.6 by @dependabot in #1013
  • Bump actions/upload-artifact from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1018
  • Bump quarkus.platform.version from 3.6.6 to 3.6.7 by @dependabot in #1029
  • Bump actions/upload-artifact from 4.2.0 to 4.3.0 in /.github/workflows by @dependabot in #1028
  • Bump bufbuild/buf-setup-action from 1.28.1 to 1.29.0 in /.github/workflows by @dependabot in #1033
  • Bump org.assertj:assertj-core from 3.25.1 to 3.25.2 by @dependabot in #1034
  • Bump Redpanda to v23.3.3 by @nscuro in https://github.com/DependencyTrack/hyades/pu...

v0.2.0

02 Nov 16:14

What's Changed

Enhancements 🚀

  • Bump CWE dictionary to v4.12 by @nscuro in #859
  • Build and publish native images on release by @nscuro in #867
  • Include Cloud SQL database connector for PostgreSQL by @nscuro in #870

Bug Fixes 🐛

  • Fix failing setup-graalvm action by @nscuro in #852
  • Fix false negatives in NVD CPE matching by @nscuro in #861
  • Fix repartition.purge.interval.ms not being configurable via environment variables by @nscuro in #878

Dependency Updates 🤖

  • Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4 by @dependabot in #830
  • Bump actions/setup-python from 4.7.0 to 4.7.1 in /.github/workflows by @dependabot in #832
  • Bump quarkus.platform.version from 3.4.1 to 3.4.2 by @dependabot in #837
  • bump kafka lib version by @VithikaS in #839
  • Bump bufbuild/buf-setup-action from 1.26.1 to 1.27.0 in /.github/workflows by @dependabot in #841
  • Bump bufbuild/buf-lint-action from 1.0.3 to 1.1.0 in /.github/workflows by @dependabot in #847
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 by @dependabot in #851
  • Bump quarkus.platform.version from 3.4.2 to 3.4.3 by @dependabot in #848
  • Bump org.json:json from 20230618 to 20231013 by @dependabot in #850
  • Remove dependency on cyclonedx-core-java by @nscuro in #855
  • Bump bufbuild/buf-setup-action from 1.27.0 to 1.27.1 in /.github/workflows by @dependabot in #856
  • Bump actions/checkout from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #857
  • Bump surefire-plugin.version from 3.1.2 to 3.2.1 by @dependabot in #871
  • Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in #874
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-7 to 4.0.0-alpha-8 by @dependabot in #876
  • Bump quarkus.platform.version from 3.4.3 to 3.5.0 by @dependabot in #875
  • Bump frontend to 4.9.0 by @nscuro in #882
  • Bump Redpanda to v23.2.13 and Console to v2.3.5 by @nscuro in #879
  • Bump PostgreSQL image to 16 by @nscuro in #880
  • Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2 in /.github/workflows by @dependabot in #886
  • Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in #885
  • Bump helm/chart-testing-action from 2.4.0 to 2.6.0 in /.github/workflows by @dependabot in #889
  • Bump returntocorp/semgrep-action from 0.57.0 to 0.58.0 in /.github/workflows by @dependabot in #891
  • Compose: Use latest for Hyades images; Bump frontend to 4.9.1 by @nscuro in #892

Other Changes

Full Changelog: v0.1.5...v0.2.0

v0.1.5

03 Oct 21:14

What's Changed

Enhancements 🚀

Dependency Updates 🤖

  • Bump actions/checkout from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #827
  • Bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 by @dependabot in #826
  • Bump io.smallrye:jandex-maven-plugin from 3.1.3 to 3.1.5 by @dependabot in #825
  • Bump org.xerial.snappy:snappy-java from 1.1.10.4 to 1.1.10.5 by @dependabot in #828

Other Changes

Full Changelog: v0.1.4...v0.1.5

v0.1.4

22 Sep 15:36

What's Changed

Enhancements 🚀

  • Make replicaCount configurable for mirror-service by @nscuro in #783
  • Update Helm Chart and Minikube setup to accommodate for multi-replica API server by @nscuro in #717
  • Added correlation token in notification subjects by @sahibamittal in #799

Dependency Updates 🤖

  • Bump docker/setup-buildx-action from 2.10.0 to 3.0.0 in /.github/workflows by @dependabot in #805
  • Bump docker/login-action from 2.2.0 to 3.0.0 in /.github/workflows by @dependabot in #804
  • Bump docker/setup-qemu-action from 2.2.0 to 3.0.0 in /.github/workflows by @dependabot in #803
  • Bump docker/build-push-action from 4.2.1 to 5.0.0 in /.github/workflows by @dependabot in #802
  • Bump com.fasterxml.uuid:java-uuid-generator from 4.2.0 to 4.3.0 by @dependabot in #801
  • Bump net.javacrumbs.json-unit:json-unit-assertj from 3.0.0 to 3.1.0 by @dependabot in #800
  • Bump Redpanda images to v23.2.8 by @nscuro in #806
  • Bump quarkus.platform.version from 3.3.2 to 3.3.3 by @dependabot in #809
  • Bump net.javacrumbs.json-unit:json-unit-assertj from 3.1.0 to 3.2.2 by @dependabot in #810
  • Bump graalvm/setup-graalvm from 1.1.3.1 to 1.1.4.2 in /.github/workflows by @dependabot in #816
  • Bump actions/setup-java from 3.12.0 to 3.13.0 in /.github/workflows by @dependabot in #817
  • Bump quarkus.platform.version from 3.3.3 to 3.4.1 by @dependabot in #815

Other Changes

  • Id from source for snyk legacy vulnerability by @VithikaS in #811
  • Feature/support go with snyk and ossIndex by @mehab in #812
  • bumped version for release by @mehab in #819

Full Changelog: v0.1.3...v0.1.4

v0.1.3

11 Sep 10:02

What's Changed

Enhancements 🚀

  • Ensure consistent formatting of notification timestamps by @nscuro in #795

Bug Fixes 🐛

  • Fix grammatical number of vulnerabilities in ProjectVulnAnalysisCompleteSubject by @nscuro in #781
  • Fix batches not being submitted even though batchStore contains records by @nscuro in #788
  • Fix potential TopologyException when running multiple vulnerability-analyzer instances by @nscuro in #796

Dependency Updates 🤖

  • Bump io.confluent.parallelconsumer:parallel-consumer-core from 0.5.2.6 to 0.5.2.7 by @dependabot in #780
  • Bump us.springett:cpe-parser from 2.0.2 to 2.0.3 by @dependabot in #785
  • Bump actions/checkout from 3.6.0 to 4.0.0 in /.github/workflows by @dependabot in #784
  • Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.35.0 to 2.35.1 by @dependabot in #790
  • Bump graalvm/setup-graalvm from 1.1.2.1 to 1.1.3.1 in /.github/workflows by @dependabot in #793
  • Bump actions/upload-artifact from 3.1.2 to 3.1.3 in /.github/workflows by @dependabot in #792
  • Bump returntocorp/semgrep-action from 0.56.0 to 0.57.0 in /.github/workflows by @dependabot in #791
  • Bump quarkus.platform.version from 3.3.1 to 3.3.2 by @dependabot in #789
  • Bump docker/build-push-action from 4.1.1 to 4.2.1 in /.github/workflows by @dependabot in #798

Other Changes

Full Changelog: v0.1.2...v0.1.3

v0.1.2

31 Aug 15:05

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Refactor NVD and OSV parsing logic to fix incorrect version range parsing by @nscuro in #756
  • Fix breaking change in NEW_VULNERABILITY notification JSON format by @nscuro in #775

Dependency Updates 🤖

  • Bump actions/checkout from 3.5.3 to 3.6.0 in /.github/workflows by @dependabot in #767
  • Bump bufbuild/buf-breaking-action from 1.1.2 to 1.1.3 in /.github/workflows by @dependabot in #766
  • Bump quarkus.platform.version from 3.2.4.Final to 3.3.0 by @dependabot in #765
  • Bump com.puppycrawl.tools:checkstyle from 10.12.2 to 10.12.3 by @dependabot in #769
  • Bump io.smallrye:jandex-maven-plugin from 3.1.2 to 3.1.3 by @dependabot in #773
  • Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 in /.github/workflows by @dependabot in #772
  • Bump quarkus.platform.version from 3.3.0 to 3.3.1 by @dependabot in #778

Other Changes

  • Bump Redpanda images to v23.2.6 by @nscuro in #763
  • Fix broken decimal comparison in BomUploadProcessingE2ET by @nscuro in #777
  • Set version to 0.1.2-SNAPSHOT in preparation of bugfix release by @nscuro in #779

Full Changelog: v0.1.1...v0.1.2

v0.1.1

22 Aug 10:20

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Fix random BOM refs in BOVs produced by mirror-service by @nscuro in #755
  • Fix vulnerability title/description mapping by @sahibamittal in #754

Dependency Updates 🤖

  • Bump quarkus.platform.version from 3.2.3.Final to 3.2.4.Final by @dependabot in #747
  • Bump bufbuild/buf-setup-action from 1.26.0 to 1.26.1 in /.github/workflows by @dependabot in #748
  • Bump returntocorp/semgrep-action from 0.55.0 to 0.56.0 in /.github/workflows by @dependabot in #753
  • Bump io.github.jeremylong:open-vulnerability-clients from 4.1.0 to 4.1.1 by @dependabot in #758
  • Bump io.github.jeremylong:open-vulnerability-clients from 4.1.1 to 4.1.2 by @dependabot in #759

Other Changes

  • Set up documentation website with MkDocs and GitHub Pages by @sahibamittal in #752
  • Set version to 0.1.1-SNAPSHOT in preparation of bugfix release by @nscuro in #762

Full Changelog: v0.1.0...v0.1.1

v0.1.0

11 Aug 16:24

What's Changed

Enhancements 🚀

  • Simplify handling of secret key by @nscuro in #188
  • Implementation of stateful retries for vulnerability analyzers by @nscuro in #174
  • Snyk: skip unsupported PURL types by @nscuro in #200
  • Add health-, ready-, and liveness checks for vuln analyzer by @nscuro in #202
  • Export request duration metrics for Snyk HTTP client by @nscuro in #205
  • Unify metric and tag names by @nscuro in #207
  • Add Grafana dashboard for vulnerability analyzer by @nscuro in #211
  • Support multiple instances in vuln analyzer Grafana dashboard by @nscuro in #214
  • helm charts capability added for repo meta analyzer as well as notifi… by @mehab in #225
  • Remove last traces of Alpine by @nscuro in #237
  • Cleanup dependency management by @nscuro in #242
  • Use native images for demo Compose setup by @nscuro in #243
  • Use pre-built API server container image for demo by @nscuro in #246
  • Use Quarkus' fast-jar packaging again by @nscuro in #249
  • Build and publish native executables for amd64 and arm64 by @nscuro in #255
  • Compose: Add frontend container; Increase default stream threads to 3 by @nscuro in #275
  • Tweak dockerfiles by @nscuro in #277
  • Disable database features for mirror service by @nscuro in #298
  • Add basic checkstyle config by @nscuro in #314
  • Avoid repartition caused by tombstone emitters by @nscuro in #312
  • Re-enable SonarCloud by @nscuro in #324
  • Feature/snyk batch processor by @VithikaS in #323
  • Add protobuf serializers and schemas for vulnerability analysis domain by @nscuro in #337
  • Build and push JVM-based images with Quarkus again by @nscuro in #358
  • Remove mirroring of analyzer results by @nscuro in #357
  • Metrics trial by @VithikaS in #351
  • Refactor vulnerability-analyzer to use Protobuf schemas by @nscuro in #338
  • Add prefix by @VithikaS in #360
  • Log retryable exceptions in debug level instead of warn by @nscuro in #365
  • Prevent Quarkus datasource dev services from starting for metrics service by @nscuro in #371
  • Reduce memory footprint of demo Compose setup by @nscuro in #385
  • Change protoc version by @sahibamittal in #395
  • Enable compaction for metrics topics by @nscuro in #397
  • Map description of OSS Index vulnerabilities by @nscuro in #407
  • Refactor repository meta analyzer to use Protobuf schemas by @nscuro in #411
  • Bump Redpanda and Redpanda Console by @nscuro in #413
  • Revert ID column types from int to long again by @nscuro in #412
  • Introduce buf for QA of Protobuf schemas by @nscuro in #414
  • Feature/fix internal analyzer by @mehab in #418
  • Add dashboards by @VithikaS in #421
  • Refactor notification publisher to use Protobuf schemas by @nscuro in #415
  • Initial work for end-to-end tests by @nscuro in #422
  • Add filters to instance variable of Grafana dashboards by @nscuro in #453
  • Consider topic prefix for notification topic pattern by @nscuro in #460
  • Enable Snappy compression for notification-publisher and repository-meta-analyzer by @nscuro in #463
  • Feature/new OSV implement by @mehab in #462
  • Replace legacy mirror-service with mirror-service-x by @nscuro in #477
  • Cleanup by @nscuro in #479
  • Port BOM_PROCESSING_FAILED notification from upstream by @nscuro in #484
  • Emit a single result event for vulnerability scans by @nscuro in #464
  • Ensure all services expose health endpoints by @nscuro in #495
  • build(deps): upgrade open-vulnerability-clients by @jeremylong in #506
  • backported enhancement from 2396 by @mehab in #514
  • Add mapping for alias sync enabled by @sahibamittal in #508
  • build(deps): bump open-vulnerability-clients from 3.0.0 to 4.0.1 by @jeremylong in #511
  • Optimize state store usage by @nscuro in #538
  • Added SnykAnalyserException by @VithikaS in #543
  • Replace cpe with generic as versioning scheme in NVD parser by @sahibamittal in #546
  • Update supported PURL types for Snyk and bump default API version by @nscuro in #552
  • Handle multiple topic configs in create-topics.sh by @nscuro in #555
  • Add helm chart by @nscuro in #556
  • Port tests for SendMailPublisher by @nscuro in #565
  • Helm: Add port definition to vuln analyzer service by @nscuro in #569
  • Bump various container image versions by @nscuro in #577
  • Helm: Add API server and frontend by @nscuro in #570
  • Capture physical allocated memory (RSS) of the JVM process by @nscuro in #580
  • Revise labels in Helm chart by @nscuro in #583
  • Migrate Notification Publisher to Confluent Parallel Consumer by @nscuro in #586
  • Have the API server generate the DB schema for the demo setup by @nscuro in #623
  • Add Benthos configs for BOM forwarding by @nscuro in #634
  • Update demo setup by @nscuro in #650
  • Remove indexing service notification by @nscuro in #662
  • Update API server Grafana dashboard by @nscuro in #677
  • Bump Redpanda and Redpanda Console image versions by @nscuro in #697
  • Switch to Mandrel for native image builds by @nscuro in #714
  • Add release workflow by @nscuro in #709
  • Add IntelliJ run configurations for common tasks by @nscuro in #726
  • Remove unused org.hyades.vuln.v1 proto by @nscuro in #730

Bug Fixes 🐛

  • Revert "Update actions/setup-java action to v3.7.0 (#143)" by @nscuro in #152
  • Fix build of container image for native executable by @nscuro in #195
  • Use GH Action to build and push container image in one step by @nscuro in #196
  • Register RetryableRecord.JsonRecordHeader for reflection by @nscuro in #201
  • Fix load test fixture generation by @nscuro in #216
  • Fix Maven repo meta analysis failing with native image by @nscuro in #241
  • Fix sonar project key by @nscuro in #260
  • Fix ClassNotFoundException in Caffeine for native image by @nscuro in #263
  • Build multi-platform images for jar-based distribution by @nscuro in #264
  • Fix container image repo name; Do not push on forks by @nscuro in #266
  • Fix NugetMetaAnalyzer reporting MetaModel.component as null by ...