Update docker.io/dependencytrack/apiserver Docker tag to v4.14.1
No problems upgrading the backend Docker container with a Docker compose yaml file within Portainer and by means of Portainer DevOps resp. GitOps with dependency update facilitated by Mend's Renovate Bot.
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.io/dependencytrack/apiserver (source, changelog) | patch | 4.14.0 → 4.14.1 |
Release Notes
DependencyTrack/dependency-track (docker.io/dependencytrack/apiserver)
v4.14.1
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
750b0c768208d7c6b7e32e8f1a7500eb94788069 dependency-track-apiserver.jar
61eac5828458dfea46507c26f3384bb452ebeefe dependency-track-bundled.jar
# SHA256
142bdfa36defffc2304d03f9ef7ecd162f1185dcbc00933a73529cac7f12980c dependency-track-apiserver.jar
6cedc727a3f8eb2343397e50a1b5515a99c2a361b7c55aa60dbeff85c1f4af2d dependency-track-bundled.jar
# SHA512
b2e37486f0775793c0d2dfc6a0adfae96e8bdc6b09d4708902ad504ea9e6b24505753319c183b4549d080cd4e71c8e1efa13cd916cc67434603d9d0b28aeb274 dependency-track-apiserver.jar
f0bc70a0d5e6bce155dca1ec051e7a333c8c4ff836e002a6acabacf5a8a4e8298c7a223e8cd1a86f4a5bca5fb7c0c5f99bf6aea7cc602e9c51bc3cfab1100aa2 dependency-track-bundled.jar
What's Changed
Enhancements 🚀
- Backport: Add support for NuGet versioning scheme by @nscuro in #5958
- Backport: Fix wasteful existence queries by @nscuro in #5960
- Backport: Add support for Composer versioning scheme by @nscuro in #5963
- Backport: Support Sonatype Guide tokens for OSS Index analyzer by @nscuro in #5996
Bug Fixes 🐛
- Backport: Fix PURL-specific version matching being bypassed for components with CPE by @nscuro in #5959
- Backport: Fix potentially wrong version being used for CPE comparison by @nscuro in #5962
- Backport: Fix scheduled notification query failing when ID columns are not of type BIGINT by @nscuro in #5979
- Backport: Avoid NPE when computing Trivy pkgType (#5982) by @stohrendorf in #5987
- Backport: Use ecosystem-aware version comparison for latest version detection by @nscuro in #5995
- Backport: Remove leading whitespace from vulnerability badge SVG template by @nscuro in #6000
Dependency Updates 🤖
- build(deps): bump eclipse-temurin from
2866f12toa6884e6in /src/main/docker by @dependabot[bot] in #5921 - build(deps): bump debian from
85dfcffto99fc6d2in /src/main/docker by @dependabot[bot] in #5920 - build(deps): bump com.microsoft.sqlserver:mssql-jdbc from 13.2.1.jre11 to 13.4.0.jre11 by @dependabot[bot] in #5916
- build(deps): bump lib.resilience4j.version from 2.3.0 to 2.4.0 by @dependabot[bot] in #5915
- build(deps): bump org.apache.maven:maven-artifact from 3.9.13 to 3.9.14 by @dependabot[bot] in #5905
- build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.38 to 2.1.39 by @dependabot[bot] in #5896
- build(deps): bump io.github.nscuro:versatile-core from 0.16.1 to 0.17.0 by @dependabot[bot] in #5930
- build(deps): bump eclipse-temurin from
a6884e6tod556bfdin /src/main/docker by @dependabot[bot] in #5928 - build(deps): bump org.metaeffekt.core:ae-security from 0.153.1 to 0.153.2 by @dependabot[bot] in #5929
- build(deps-dev): bump org.testcontainers:testcontainers from 2.0.3 to 2.0.4 by @dependabot[bot] in #5939
- build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.28.1 to 1.28.2 by @dependabot[bot] in #5940
- build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.28.1 to 1.28.2 by @dependabot[bot] in #5941
- build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.28.1 to 1.28.2 by @dependabot[bot] in #5942
- build(deps): bump io.github.nscuro:versatile-core from 0.17.0 to 0.18.0 by @dependabot[bot] in #5947
- build(deps): bump lib.protobuf-java.version from 4.34.0 to 4.34.1 by @dependabot[bot] in #5954
- build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.0.2 to 5.1.0 by @dependabot[bot] in #5983
- build(deps): bump eclipse-temurin from
d556bfdto305fb0cin /src/main/docker by @dependabot[bot] in #5990 - Backport: Bump bundled frontend to 4.14.1 by @nscuro in #6004
Other Changes
- Backport: Disable Trivy integration tests by @nscuro in #5961
- Backport: Add age and version distance to operational policy criteria by @nscuro in #5964
- Backport: Harden GitHub Actions workflows by @nscuro in #5980
- Backport: Address zizmor GitHub Actions findings by @nscuro in #5981
- Backport: Fix version in docs by @nscuro in #6005
- Backport: Fix release workflow by @nscuro in #6006
- Add changelog for v4.14.1 by @nscuro in #5999
Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/4.14.0...4.14.1
