v0.3.0

@dependencytrack-bot dependencytrack-bot released this 19 Feb 10:08
· 454 commits to main since this release

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Fix line break issues when cloning repository on Windows by @nscuro in #913
  • Fix missing check for NotificationRule enablement by @nscuro in #946
  • Fix confusion of IDs when SNYK- vulnerabilities are reported in problems array by @nscuro in #985
  • Fix broken native build caused by Cloud SQL socket factory by @nscuro in #1042
  • Backport minor bug fixes by @sahibamittal in #1051
  • Fix Hibernate exception due to null being assigned to primitive boolean by @nscuro in #1060
  • Fix false positives in CPE matching due to ambiguous vendor/product relations by @nscuro in #1061

Dependency Updates

  • Bump graalvm/setup-graalvm from 1.1.4.2 to 1.1.5.1 in /.github/workflows by @dependabot in #895
  • Bump helm/chart-testing-action from 2.6.0 to 2.6.1 in /.github/workflows by @dependabot in #896
  • Align Protobuf version with API server by @nscuro in #897
  • Bump surefire-plugin.version from 3.2.1 to 3.2.2 by @dependabot in #898
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.0 to 5.0.1 by @dependabot in #900
  • Bump lib.protobuf-java.version from 3.24.4 to 3.25.0 by @dependabot in #899
  • Bump com.github.package-url:packageurl-java from 1.4.1 to 1.4.2 by @dependabot in #903
  • Bump quarkus.platform.version from 3.5.0 to 3.5.1 by @dependabot in #904
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.14.1 to 1.15.0 by @dependabot in #908
  • Bump bufbuild/buf-setup-action from 1.27.2 to 1.28.0 in /.github/workflows by @dependabot in #906
  • Bump com.puppycrawl.tools:checkstyle from 10.12.4 to 10.12.5 by @dependabot in #909
  • Bump lib.protobuf-java.version from 3.25.0 to 3.25.1 by @dependabot in #912
  • Bump bufbuild/buf-setup-action from 1.28.0 to 1.28.1 in /.github/workflows by @dependabot in #911
  • Bump quarkus.platform.version from 3.5.1 to 3.5.2 by @dependabot in #917
  • Bump docker/build-push-action from 5.0.0 to 5.1.0 in /.github/workflows by @dependabot in #918
  • Bump us.springett:cpe-parser from 2.0.3 to 2.1.0 by @dependabot in #920
  • Bump com.icegreen:greenmail-junit5 from 2.0.0 to 2.0.1 by @dependabot in #919
  • Bump quarkus.platform.version from 3.5.2 to 3.5.3 by @dependabot in #923
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.1 to 5.0.2 by @dependabot in #933
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.2 to 5.0.3 by @dependabot in #936
  • Bump io.pebbletemplates:pebble from 3.2.1 to 3.2.2 by @dependabot in #935
  • Bump io.smallrye:jandex-maven-plugin from 3.1.5 to 3.1.6 by @dependabot in #934
  • Bump actions/setup-java from 3.13.0 to 4.0.0 in /.github/workflows by @dependabot in #944
  • Bump actions/setup-python from 4.7.1 to 4.8.0 in /.github/workflows by @dependabot in #951
  • Bump actions/setup-python from 4.8.0 to 5.0.0 in /.github/workflows by @dependabot in #953
  • Bump com.puppycrawl.tools:checkstyle from 10.12.5 to 10.12.6 by @dependabot in #952
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.0.3 to 5.1.0 by @dependabot in #948
  • Bump lib.kafka.version from 3.6.0 to 3.6.1 by @dependabot in #949
  • Bump com.github.package-url:packageurl-java from 1.4.2 to 1.5.0 by @dependabot in #958
  • Bump actions/download-artifact from 3.0.2 to 4.0.0 in /.github/workflows by @dependabot in #972
  • Bump actions/upload-artifact from 3.1.3 to 4.0.0 in /.github/workflows by @dependabot in #971
  • Bump surefire-plugin.version from 3.2.2 to 3.2.3 by @dependabot in #970
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.15.0 to 1.15.1 by @dependabot in #963
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-8 to 4.0.0-alpha-9 by @dependabot in #962
  • Bump lib.resilience4j.version from 2.1.0 to 2.2.0 by @dependabot in #975
  • Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in #974
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.0 by @dependabot in #980
  • Bump actions/download-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #981
  • Bump com.squareup.okhttp3:okhttp from 4.11.0 to 4.12.0 by @dependabot in #978
  • Bump com.squareup.okio:okio from 3.6.0 to 3.7.0 by @dependabot in #979
  • Bump Redpanda to v23.2.21 by @nscuro in #988
  • Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.0 to 3.12.1 by @dependabot in #990
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-9 to 4.0.0-alpha-10 by @dependabot in #989
  • Bump com.puppycrawl.tools:checkstyle from 10.12.6 to 10.12.7 by @dependabot in #992
  • Bump quarkus.platform.version from 3.5.3 to 3.6.4 by @dependabot in #984
  • Bump org.assertj:assertj-core from 3.24.2 to 3.25.0 by @dependabot in #991
  • Bump org.assertj:assertj-core from 3.25.0 to 3.25.1 by @dependabot in #995
  • Bump surefire-plugin.version from 3.2.3 to 3.2.5 by @dependabot in #1000
  • Bump actions/download-artifact from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #1002
  • Bump lib.protobuf-java.version from 3.25.1 to 3.25.2 by @dependabot in #1003
  • Bump quarkus.platform.version from 3.6.4 to 3.6.5 by @dependabot in #1004
  • Bump actions/upload-artifact from 4.0.0 to 4.1.0 in /.github/workflows by @dependabot in #1010
  • Bump org.apache.maven:maven-artifact from 4.0.0-alpha-10 to 4.0.0-alpha-12 by @dependabot in #1011
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.15.1 to 1.15.2 by @dependabot in #1017
  • Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #1014
  • Bump quarkus.platform.version from 3.6.5 to 3.6.6 by @dependabot in #1013
  • Bump actions/upload-artifact from 4.1.0 to 4.2.0 in /.github/workflows by @dependabot in #1018
  • Bump quarkus.platform.version from 3.6.6 to 3.6.7 by @dependabot in #1029
  • Bump actions/upload-artifact from 4.2.0 to 4.3.0 in /.github/workflows by @dependabot in #1028
  • Bump bufbuild/buf-setup-action from 1.28.1 to 1.29.0 in /.github/workflows by @dependabot in #1033
  • Bump org.assertj:assertj-core from 3.25.1 to 3.25.2 by @dependabot in #1034
  • Bump Redpanda to v23.3.3 by @nscuro in #1036
  • Bump io.confluent.parallelconsumer:parallel-consumer-core from 0.5.2.7 to 0.5.2.8 by @dependabot in #1037
  • Bump org.testcontainers:minio from 1.19.3 to 1.19.4 by @dependabot in #1038
  • Bump Redpanda Console to v2.4.0 by @nscuro in #1040
  • Use Mandrel 23.1 to build native images by @nscuro in #1041
  • Bump quarkus.platform.version from 3.6.7 to 3.6.8 by @dependabot in #1046
  • Bump com.puppycrawl.tools:checkstyle from 10.12.7 to 10.13.0 by @dependabot in #1045
  • Bump org.kohsuke:github-api from 1.316 to 1.318 by @dependabot in #1050
  • Bump quarkus.platform.version from 3.6.8 to 3.7.1 by @dependabot in #1052
  • Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 by @dependabot in #1053
  • Bump org.json:json from 20231013 to 20240205 by @dependabot in #1057
  • Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.2 to 3.2.4 by @dependabot in #1056
  • Bump actions/download-artifact from 4.1.1 to 4.1.2 in /.github/workflows by @dependabot in #1055
  • Bump actions/upload-artifact from 4.3.0 to 4.3.1 in /.github/workflows by @dependabot in #1054
  • Bump org.testcontainers:minio from 1.19.4 to 1.19.5 by @dependabot in #1063
  • Bump quarkus.platform.version from 3.7.1 to 3.7.2 by @dependabot in #1062
  • Bump io.minio:minio from 8.5.7 to 8.5.8 by @dependabot in #1069
  • Bump com.squareup.okio:okio from 3.7.0 to 3.8.0 by @dependabot in #1068
  • Bump com.google.cloud.sql:postgres-socket-factory from 1.15.2 to 1.16.0 by @dependabot in #1076
  • Bump lib.protobuf-java.version from 3.25.2 to 3.25.3 by @dependabot in #1079
  • Bump quarkus.platform.version from 3.7.2 to 3.7.3 by @dependabot in #1078

Other Changes

  • Update README.md by @VinodAnandan in #894
  • Update documentation by @nscuro in #910
  • Mention native image variants in demo Compose setup by @nscuro in #915
  • Enable CEL policy engine and integrity analysis per default in demo setup by @nscuro in #914
  • Use custom frontend with CEL and integrity analysis support by @nscuro in #916
  • Update docs policy expressions by @nscuro in #921
  • Refactored repository url usage for integrity and repo meta by @sahibamittal in #888
  • Add e2e test for vulnerability policies by @nscuro in #976
  • Update docs with shortened CEL type namespace by @nscuro in #977
  • add nginx to docker compose by @mehab in #954
  • Extend vuln policy e2e test with analysis reversal by @nscuro in #996
  • Fix split package by moving directories by @sahibamittal in #998
  • Fix repometaanalyzer package being used in notification-publisher module by @nscuro in #1001
  • Remove CEL_POLICY_ENGINE_ENABLED from docker-compose.yml by @nscuro in #1035
  • Improve logging for notification publishing by @sahibamittal in #1026
  • Housekeeping by @nscuro in #1044
  • Incorporate manual sync trigger in vuln policy e2e test by @nscuro in #1012
  • Use macOS M1 runner to build arm64 binaries by @nscuro in #1048
  • Revert "Use macOS M1 runner to build arm64 binaries" by @nscuro in #1049
  • Use schema generated by Liquibase to initialize Postgres testcontainers by @nscuro in #1064
  • Add test to double check NPE when OSV package is not defined by @sahibamittal in #1072

Full Changelog: v0.2.0...v0.3.0