Comments (6)
Thanks a lot for the clarification!
from dependency-track.
Alpine snapshots are published to the OSSRH snapshot repository, e.g. https://oss.sonatype.org/content/repositories/snapshots/us/springett/alpine-common/
This repository is configured in Dependency-Track's POM:
Lines 142 to 151 in 1f2cc28
Releasing new versions of Alpine for every single change is currently not practical for us. A new version of Alpine will be released and published to Maven Central when we are certain that it's fully operational and doesn't cause any regressions in DT.
from dependency-track.
Then please publish Alpine 2.2.6. It's missing. I do not really want to use a snapshot. But 2.2.6 has the run-in-transaction, which is used in Dependency-Track 4.11. Thanks in advance and best wishes.
from dependency-track.
I get the frustration, in particular when your organization does not allow consumption from external snapshot repositories.
> Then please publish Alpine 2.2.6. It's missing. I do not really want to use a snapshot. But 2.2.6 has the run-in-transaction, which is used in Dependency-Track 4.11.
Version 4.11.x of Dependency-Track is using Alpine 2.2.5:
Lines 24 to 28 in a0c5045
Note that the master branch is used for the next minor version (hence being 4.12.0-SNAPSHOT). We create separate release branches (i.e. 4.11.x as linked above) for backporting any critical bugfixes.
Version 2.2.6 of Alpine will never be released. Due to various larger changes, among them:
2.2.6-SNAPSHOT has been changed to 3.0.0-SNAPSHOT. Dependency-Track 4.12.0-SNAPSHOT has migrated to Alpine 3.0.0-SNAPSHOT via #3730, which was merged yesterday.
from dependency-track.
If you want to contribute a bugfix (not a feature), you could base your work on the 4.11.x branch and raise a PR into that. We can then take care of porting the fix to master.
Usually we do it the other way around (backporting from master to 4.11.x), but in the end it doesn't really matter.
from dependency-track.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
from dependency-track.