chore(deps): update dependencytrack/apiserver docker tag to v4.14.2 #148

Open

renovate-bot wants to merge 1 commit from renovate/dependencytrack-apiserver-4.x into main

pull from: renovate/dependencytrack-apiserver-4.x

merge into: phbaer:main

phbaer:main

phbaer:renovate/node-25.x-lockfile

phbaer:renovate/vitest-4.x-lockfile

phbaer:renovate/vitest-coverage-v8-4.x-lockfile

phbaer:feat-background-code-analysis

phbaer:renovate/vue-tsc-3.x-lockfile

phbaer:renovate/tailwindcss-postcss-4.x-lockfile

phbaer:renovate/vite-8.x-lockfile

phbaer:renovate/postcss-8.x-lockfile

phbaer:integrate-vscorer-wizard

phbaer:renovate/astral-sh-setup-uv-8.x

phbaer:renovate/dependencytrack-frontend-4.x

phbaer:add-more-status-info

phbaer:rescoring-improvements

phbaer:cve-filter-dashboard

phbaer:bearer-token-api-access

Conversation 0 Commits 1 Files changed 1 +1 -1

renovate-bot commented 2026-05-09 00:01:48 +00:00

Collaborator

Copy link

This PR contains the following updates:

Package	Update	Change
dependencytrack/apiserver (source)	patch	4.14.1 → 4.14.2

---

Release Notes

DependencyTrack/dependency-track (dependencytrack/apiserver)

v4.14.2

Compare Source

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
953074d95757bea162931b7811885945bbe992aa  dependency-track-apiserver.jar
53f3198f5422e1117f53859c5f42403f48a4a4e3  dependency-track-bundled.jar

# SHA256
3ff379380d35b9ff924014b680e7f3718c119f59b2cc4ee6ece4345a3ca1c110  dependency-track-apiserver.jar
fca1c0c69d543f4be3501f04d3293beef5b5db9fbad24d55cfc70ea2cc8e2b4f  dependency-track-bundled.jar

# SHA512
4e6119cfc05ed8767cdf1302b31c47814a025d854fa5f793a6b1bb0341732762a40cc5f3b93f59e7432e75d3cf7f2aa44320df129b85cea9e1de8fb81a053fc5  dependency-track-apiserver.jar
a047cd00ebdc59074c096c7ab6b095e0367e563f07c6565ab33413d6b9c5dbcb42a89cc71136dbe04b9ef48697f00673a15c0e18313dcde6c9c04a069c901b33  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

• Backport: Improve performance of vuln data source mirroring by @​nscuro in #​6040
• Backport: Handle epoch PURL qualifier for version comparison by @​nscuro in #​6083
• Backport: Add project filters to component identity search by @​nscuro in #​6087

Bug Fixes 🐛

• Backport: Send composer package names with "/" separator to Trivy by @​nscuro in #​6117

Dependency Updates 🤖

• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.3 to 9.0.4 by @​dependabot[bot] in #​6021
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.1.0 to 5.1.2 by @​dependabot[bot] in #​6015
• build(deps): bump debian from 99fc6d2 to e51bfcd in /src/main/docker by @​dependabot[bot] in #​6014
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.1.2 to 5.1.3 by @​dependabot[bot] in #​6037
• build(deps): bump alpine from 2510918 to 5b10f43 in /src/main/docker by @​dependabot[bot] in #​6030
• build(deps): bump eclipse-temurin from 305fb0c to d36843a in /src/main/docker by @​dependabot[bot] in #​6029
• build(deps): bump org.metaeffekt.core:ae-security from 0.153.2 to 0.153.3 by @​dependabot[bot] in #​6047
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.39 to 2.1.40 by @​dependabot[bot] in #​6046
• Backport: Bump maven-artifact to 3.9.15 by @​nscuro in #​6048
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.6 to 5.6.1 by @​dependabot[bot] in #​6060
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.4 to 9.0.5 by @​dependabot[bot] in #​6066
• build(deps): bump debian from e51bfcd to 8f0c555 in /src/main/docker by @​dependabot[bot] in #​6052
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.28.2 to 1.28.3 by @​dependabot[bot] in #​6071
• build(deps-dev): bump org.testcontainers:testcontainers from 2.0.4 to 2.0.5 by @​dependabot[bot] in #​6076
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.28.2 to 1.28.3 by @​dependabot[bot] in #​6073
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.28.2 to 1.28.3 by @​dependabot[bot] in #​6072
• build(deps): bump org.metaeffekt.core:ae-security from 0.153.3 to 0.154.0 by @​dependabot[bot] in #​6080
• build(deps): bump org.apache.maven:maven-artifact from 3.9.14 to 3.9.15 by @​dependabot[bot] in #​6045
• build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 by @​dependabot[bot] in #​6101
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.40 to 2.1.41 by @​dependabot[bot] in #​6100
• Backport: Bump versatile to 0.18.1 by @​nscuro in #​6116
• Backport: Bump bundled frontend to 4.14.2 by @​nscuro in #​6122

Other Changes

• Backport: Ignore flaky VulnerableSoftwareIndexerTest by @​nscuro in #​6039
• Backport: Fix borked docs navigation by @​nscuro in #​6118
• Add changelog for 4.14.2 by @​nscuro in #​6120

Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/4.14.1...4.14.2

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [dependencytrack/apiserver](https://dependencytrack.org/) ([source](https://github.com/DependencyTrack/dependency-track)) | patch | `4.14.1` → `4.14.2` | --- ### Release Notes <details> <summary>DependencyTrack/dependency-track (dependencytrack/apiserver)</summary> ### [`v4.14.2`](https://github.com/DependencyTrack/dependency-track/releases/tag/4.14.2) [Compare Source](https://github.com/DependencyTrack/dependency-track/compare/4.14.1...4.14.2) For official releases, refer to [Dependency Track Docs >> Changelogs](https://docs.dependencytrack.org/changelog/) for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone. ```text # SHA1 953074d95757bea162931b7811885945bbe992aa dependency-track-apiserver.jar 53f3198f5422e1117f53859c5f42403f48a4a4e3 dependency-track-bundled.jar # SHA256 3ff379380d35b9ff924014b680e7f3718c119f59b2cc4ee6ece4345a3ca1c110 dependency-track-apiserver.jar fca1c0c69d543f4be3501f04d3293beef5b5db9fbad24d55cfc70ea2cc8e2b4f dependency-track-bundled.jar # SHA512 4e6119cfc05ed8767cdf1302b31c47814a025d854fa5f793a6b1bb0341732762a40cc5f3b93f59e7432e75d3cf7f2aa44320df129b85cea9e1de8fb81a053fc5 dependency-track-apiserver.jar a047cd00ebdc59074c096c7ab6b095e0367e563f07c6565ab33413d6b9c5dbcb42a89cc71136dbe04b9ef48697f00673a15c0e18313dcde6c9c04a069c901b33 dependency-track-bundled.jar ``` <!-- Release notes generated using configuration in .github/release.yml at 4.14.2 --> #### What's Changed ##### Enhancements 🚀 - Backport: Improve performance of vuln data source mirroring by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6040](https://github.com/DependencyTrack/dependency-track/pull/6040) - Backport: Handle epoch PURL qualifier for version comparison by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6083](https://github.com/DependencyTrack/dependency-track/pull/6083) - Backport: Add project filters to component identity search by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6087](https://github.com/DependencyTrack/dependency-track/pull/6087) ##### Bug Fixes 🐛 - Backport: Send composer package names with "/" separator to Trivy by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6117](https://github.com/DependencyTrack/dependency-track/pull/6117) ##### Dependency Updates 🤖 - build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.3 to 9.0.4 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6021](https://github.com/DependencyTrack/dependency-track/pull/6021) - build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.1.0 to 5.1.2 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6015](https://github.com/DependencyTrack/dependency-track/pull/6015) - build(deps): bump debian from `99fc6d2` to `e51bfcd` in /src/main/docker by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6014](https://github.com/DependencyTrack/dependency-track/pull/6014) - build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.1.2 to 5.1.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6037](https://github.com/DependencyTrack/dependency-track/pull/6037) - build(deps): bump alpine from `2510918` to `5b10f43` in /src/main/docker by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6030](https://github.com/DependencyTrack/dependency-track/pull/6030) - build(deps): bump eclipse-temurin from `305fb0c` to `d36843a` in /src/main/docker by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6029](https://github.com/DependencyTrack/dependency-track/pull/6029) - build(deps): bump org.metaeffekt.core:ae-security from 0.153.2 to 0.153.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6047](https://github.com/DependencyTrack/dependency-track/pull/6047) - build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.39 to 2.1.40 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6046](https://github.com/DependencyTrack/dependency-track/pull/6046) - Backport: Bump maven-artifact to 3.9.15 by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6048](https://github.com/DependencyTrack/dependency-track/pull/6048) - build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.6 to 5.6.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6060](https://github.com/DependencyTrack/dependency-track/pull/6060) - build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.4 to 9.0.5 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6066](https://github.com/DependencyTrack/dependency-track/pull/6066) - build(deps): bump debian from `e51bfcd` to `8f0c555` in /src/main/docker by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6052](https://github.com/DependencyTrack/dependency-track/pull/6052) - build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.28.2 to 1.28.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6071](https://github.com/DependencyTrack/dependency-track/pull/6071) - build(deps-dev): bump org.testcontainers:testcontainers from 2.0.4 to 2.0.5 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6076](https://github.com/DependencyTrack/dependency-track/pull/6076) - build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.28.2 to 1.28.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6073](https://github.com/DependencyTrack/dependency-track/pull/6073) - build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.28.2 to 1.28.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6072](https://github.com/DependencyTrack/dependency-track/pull/6072) - build(deps): bump org.metaeffekt.core:ae-security from 0.153.3 to 0.154.0 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6080](https://github.com/DependencyTrack/dependency-track/pull/6080) - build(deps): bump org.apache.maven:maven-artifact from 3.9.14 to 3.9.15 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6045](https://github.com/DependencyTrack/dependency-track/pull/6045) - build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6101](https://github.com/DependencyTrack/dependency-track/pull/6101) - build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.40 to 2.1.41 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6100](https://github.com/DependencyTrack/dependency-track/pull/6100) - Backport: Bump versatile to 0.18.1 by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6116](https://github.com/DependencyTrack/dependency-track/pull/6116) - Backport: Bump bundled frontend to 4.14.2 by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6122](https://github.com/DependencyTrack/dependency-track/pull/6122) ##### Other Changes - Backport: Ignore flaky VulnerableSoftwareIndexerTest by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6039](https://github.com/DependencyTrack/dependency-track/pull/6039) - Backport: Fix borked docs navigation by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6118](https://github.com/DependencyTrack/dependency-track/pull/6118) - Add changelog for 4.14.2 by [@&#8203;nscuro](https://github.com/nscuro) in [#&#8203;6120](https://github.com/DependencyTrack/dependency-track/pull/6120) **Full Changelog**: <https://github.com/DependencyTrack/dependency-track/compare/4.14.1...4.14.2> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE3MC4xOCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

renovate-bot added 1 commit 2026-05-09 00:01:48 +00:00

chore(deps): update dependencytrack/apiserver docker tag to v4.14.2 f2603acb69

All checks were successful

Hide all checks

Build and Publish Docker Images / test-backend (pull_request) Successful in 47s

Details

Build and Publish Docker Images / test-frontend (pull_request) Successful in 3m4s

Details

Build and Publish Docker Images / delete-pr-images (pull_request) Has been skipped

Details

Build and Publish Docker Images / check-version (pull_request) Has been skipped

Details

Build and Publish Docker Images / build-push-images (pull_request) Successful in 4m3s

Details

Build and Publish Docker Images / create-tag (pull_request) Has been skipped

Details

Build and Publish Docker Images / release (pull_request) Has been skipped

Details

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/dependencytrack-apiserver-4.x:renovate/dependencytrack-apiserver-4.x

git switch renovate/dependencytrack-apiserver-4.x

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

phbaer/dtvp!148

No description provided.