Niklas

Results 836 comments of Niklas

> Create a special "relaxedGroupClaimParser" flag.

We could introduce a strategy flag for this. Such that users can switch between different strategies, and we can add more over time if...

Note, the code that maps claims lives here in Alpine: https://github.com/stevespringett/Alpine/blob/05660dc52bbbd926133b84fac8295d386013c551/alpine-server/src/main/java/alpine/server/auth/OidcAuthenticationService.java#L128-L135

> as well as project properties and tags

Any use cases that come to mind for this? Can / should a component's "internal" status really depend on project-level information?

We've been waiting for endoflife.date to support PURL, which [as far as I can tell](https://endoflife.date/docs/api) is still not the case. Without PURL support, we can't reliably correlate packages we ingest...

I suspect the problem is that the underlying library [inspects the first few bytes on the file to decide which format the file is in](https://github.com/CycloneDX/cyclonedx-core-java/blob/b0bdc500ddda904598d8439bd57ea07312060497/src/main/java/org/cyclonedx/parsers/BomParserFactory.java#L45-L57). We should instead do something...

> Yet I don't understand why the upload completes successfully instead of returning an error?

Only the schema validation happens synchronously with the request. The schema validation logic is able...

> Maybe the /token API could be extended to report processing errors?

This will come in v5, and in fact it will come for many more asynchronous processes, not just...

Unfortunately this is not possible because the task queues are entirely in-memory, and tasks have no state that could be observed. *However*, this will change with the upcoming version 5....

Note, this was fixed in v5 but should be backportable: https://github.com/DependencyTrack/hyades-apiserver/pull/1117

I am not 100% confident we can simply resolve `Bouncy Castle License` to `MIT`. Even if they are effectively the same, I believe this replacement would qualify as data loss....