Resolve merge conflicts #17

Merged
jhoward-lm merged 52 commits into lmco:gitlab-integration-bom-upload from DependencyTrack:gitlab-integration-bom-upload-fix-mcs
Jul 28, 2025

@nscuro commented Jul 27, 2025

Description

Pulls in the latest changes from main and resolves merge conflicts.

Addressed Issue

DependencyTrack#1325

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have updated the migration changelog accordingly
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

dependabot Bot and others added 30 commits July 8, 2025 15:02
Bumps [io.swagger.parser.v3:swagger-parser](https://github.com/swagger-api/swagger-parser) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/swagger-api/swagger-parser/releases)
- [Commits](swagger-api/swagger-parser@v2.1.30...v2.1.31)

---
updated-dependencies:
- dependency-name: io.swagger.parser.v3:swagger-parser
  dependency-version: 2.1.31
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-lang3
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps `lib.liquibase.version` from 4.32.0 to 4.33.0.

Updates `org.liquibase:liquibase-core` from 4.32.0 to 4.33.0
- [Release notes](https://github.com/liquibase/liquibase/releases)
- [Changelog](https://github.com/liquibase/liquibase/blob/master/changelog.txt)
- [Commits](liquibase/liquibase@v4.32.0...v4.33.0)

Updates `org.liquibase:liquibase-maven-plugin` from 4.32.0 to 4.33.0
- [Release notes](https://github.com/liquibase/liquibase/releases)
- [Changelog](https://github.com/liquibase/liquibase/blob/master/changelog.txt)
- [Commits](liquibase/liquibase@v4.32.0...v4.33.0)

---
updated-dependencies:
- dependency-name: org.liquibase:liquibase-core
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.liquibase:liquibase-maven-plugin
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [com.github.ben-manes.caffeine:caffeine](https://github.com/ben-manes/caffeine) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/ben-manes/caffeine/releases)
- [Commits](ben-manes/caffeine@v3.2.1...v3.2.2)

---
updated-dependencies:
- dependency-name: com.github.ben-manes.caffeine:caffeine
  dependency-version: 3.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps `lib.micrometer.version` from 1.15.1 to 1.15.2.

Updates `io.micrometer:micrometer-registry-prometheus` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](micrometer-metrics/micrometer@v1.15.1...v1.15.2)

Updates `io.micrometer:micrometer-registry-prometheus-simpleclient` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](micrometer-metrics/micrometer@v1.15.1...v1.15.2)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-registry-prometheus
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.micrometer:micrometer-registry-prometheus-simpleclient
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
The result set doesn't contain any duplicate rows, no need to de-duplicate.

Signed-off-by: nscuro <nscuro@protonmail.com>
Bumps com.google.cloud.sql:postgres-socket-factory from 1.25.1 to 1.25.2.

---
updated-dependencies:
- dependency-name: com.google.cloud.sql:postgres-socket-factory
  dependency-version: 1.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…ogle.cloud.sql-postgres-socket-factory-1.25.2
Bumps org.openapitools:openapi-generator-maven-plugin from 7.13.0 to 7.14.0.

---
updated-dependencies:
- dependency-name: org.openapitools:openapi-generator-maven-plugin
  dependency-version: 7.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps org.apache.maven:maven-artifact from 3.9.10 to 3.9.11.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-artifact
  dependency-version: 3.9.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…enapitools-openapi-generator-maven-plugin-7.14.0
Since making all mutating endpoints transactional, there exists a race condition where a BOM upload processing event might be consumed before the creation of the project the BOM was uploaded to got committed. This could cause the BOM processing to fail because the project didn't yet exist.

Signed-off-by: nscuro <nscuro@protonmail.com>
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/ascopes/protobuf-maven-plugin/releases)
- [Commits](ascopes/protobuf-maven-plugin@v3.6.0...v3.6.1)

---
updated-dependencies:
- dependency-name: io.github.ascopes:protobuf-maven-plugin
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.19.1 to 2.19.2.
- [Commits](FasterXML/jackson-bom@jackson-bom-2.19.1...jackson-bom-2.19.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot and others added 22 commits July 21, 2025 14:53
Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 6.3.0 to 6.3.1.
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](brettwooldridge/HikariCP@HikariCP-6.3.0...HikariCP-6.3.1)

---
updated-dependencies:
- dependency-name: com.zaxxer:HikariCP
  dependency-version: 6.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 5.13.3 to 5.13.4.
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.3...r5.13.4)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 5.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.19.0 to 2.20.0.
- [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-io@rel/commons-io-2.19.0...rel/commons-io-2.20.0)

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [stoplightio/spectral-action](https://github.com/stoplightio/spectral-action) from 0.8.12 to 0.8.13.
- [Release notes](https://github.com/stoplightio/spectral-action/releases)
- [Commits](stoplightio/spectral-action@577bade...6416fd0)

---
updated-dependencies:
- dependency-name: stoplightio/spectral-action
  dependency-version: 0.8.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.26 to 11.26.1.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.26.1..11.26)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: 11.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 6.3.1 to 6.3.2.
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](brettwooldridge/HikariCP@HikariCP-6.3.1...HikariCP-6.3.2)

---
updated-dependencies:
- dependency-name: com.zaxxer:HikariCP
  dependency-version: 6.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jhoward-lm jhoward-lm merged commit 7dc5a45 into lmco:gitlab-integration-bom-upload Jul 28, 2025