Niklas

icon indicating an email [email protected]

icon location Kiel, Germany icon location "I have no idea why this works. You better don't touch it."

Results 836 comments of Niklas

Slack Notifications is not sent notifications except BOM Consumed and BOM Processed

Thanks for checking. Sadly that doesn't really tell us what exactly is wrong. I think someone will need to manually debug under what conditions exactly this is happening.

Slack Notifications is not sent notifications except BOM Consumed and BOM Processed

We have tests that assert the JSON we send to Slack, you can find it here: https://github.com/DependencyTrack/dependency-track/blob/master/src/test/java/org/dependencytrack/notification/publisher/SlackPublisherTest.java

Slack Notifications is not sent notifications except BOM Consumed and BOM Processed

I did some manual testing with a bare-bones Dependency-Track installation, where nothing but the Slack alert is configured. This is a Webhook that was rejected with `invalid_blocks`: Invalid Payload ```json...

Bump net.logstash.logback:logstash-logback-encoder from 7.3 to 7.4

Blocked by #577

Bump lib.logback.version from 1.3.14 to 1.5.6

Note, will need to check how this behaves with `logstash-logback-encoder` (which should then be updated to v7.4). The jump from logback 1.3.x -> >= 1.4.x required Jakarta EE, which we...

Bump lib.kafka.version from 3.7.1 to 3.8.0

Needs a Quarkus update to work: ``` Error: [ERROR] [error]: Build step io.quarkus.kafka.streams.deployment.KafkaStreamsProcessor#build threw an exception: java.lang.NoClassDefFoundError: org/apache/kafka/streams/processor/internals/assignment/StickyTaskAssignor Error: at io.quarkus.kafka.streams.deployment.KafkaStreamsProcessor.registerCompulsoryClasses(KafkaStreamsProcessor.java:89) Error: at io.quarkus.kafka.streams.deployment.KafkaStreamsProcessor.registerClassesThatAreLoadedThroughReflection(KafkaStreamsProcessor.java:[67](https://github.com/DependencyTrack/hyades/actions/runs/10138561407/job/28030437982?pr=1419#step:6:68)) Error: at io.quarkus.kafka.streams.deployment.KafkaStreamsProcessor.build(KafkaStreamsProcessor.java:59) Error: at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)...

Bump lib.kafka.version from 3.7.1 to 3.8.0

@dependabot rebase

`/api/v1/vulnerability/component/{uuid}` endpoint performs horribly for large portfolios

Actually similarly bad query patterns can be seen for `/api/v1/vulnerability/project/` as well: https://github.com/DependencyTrack/hyades-apiserver/blob/c55d7158f881b4e8a24bfa5f2f30032b5dd654d4/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java#L463-L480

Add support for fetching meta data from deps.dev

Thanks @n1ckl0sk0rtge! I've not forgotten about this PR, I'll try to get it reviewed this weekend! Apologies for the delay.

Performance regression: Preparing `IntegrityMetaComponent`s after BOM processing takes too long

Even more clear with https://github.com/DependencyTrack/hyades-apiserver/pull/705 in place: ![image](https://github.com/DependencyTrack/hyades/assets/5693141/6a758942-4c50-421f-8932-0e6dc5456ec5)