hawkbit

Author	SHA1	Message	Date
Stanislav Trailov	f7f94291ad	Add ref & sha to upload sarif in trivy workflow (#3079 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-05-13 09:36:01 +03:00
dependabot[bot]	d4c95ca5e0	Bump io.swagger.core.v3:swagger-annotations-jakarta (#3078 ) Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.49 to 2.2.50. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-version: 2.2.50 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-13 08:43:27 +03:00
Avgustin Marinov	601e770cc5	Restrict 1.0 org.springframework.shell versions (#3074 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-05-12 10:27:19 +03:00
Avgustin Marinov	94b32ae75b	Fix vaadin 1.0 constaring in dependabot (#3073 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-05-12 09:58:08 +03:00
Avgustin Marinov	7ccba8ef86	Restrict updates for 1.0 branch (#3067 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-05-12 09:34:50 +03:00
dependabot[bot]	895463899e	Bump org.springframework.ai:spring-ai-bom from 1.1.5 to 1.1.6 (#3061 ) Bumps [org.springframework.ai:spring-ai-bom](https://github.com/spring-projects/spring-ai) from 1.1.5 to 1.1.6. - [Release notes](https://github.com/spring-projects/spring-ai/releases) - [Commits](https://github.com/spring-projects/spring-ai/compare/v1.1.5...v1.1.6) --- updated-dependencies: - dependency-name: org.springframework.ai:spring-ai-bom dependency-version: 1.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-12 08:40:20 +03:00
Florian BEZANNIER	8d83218dc8	Improve oauth2 (#3014 ) * feat: add custom header to oauth2 req * fix: current.getClass() raise NPE * fix: use access token instead of id token * fix: missing dependency * feat: add oauth2 login from swagger-ui * docs: update oauth2 configuration	2026-05-11 14:50:47 +03:00
Stanislav Trailov	394048a583	Allow input ref parameter in order to see a branch in the reports (#3060 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-05-11 10:50:19 +03:00
github-actions[bot]	0fff8c2660	[Release] Automated commit of .3rd-party/DEPENDENCIES changes	2026-05-11 03:11:31 +00:00
Desislava Marinova	792746728f	Update java docker image version to 21.0.11_10 (#3057 )	2026-05-08 11:05:22 +03:00
Stanislav Trailov	b28071933c	Fix netty vulnerabilities (#3056 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-05-08 10:12:13 +03:00
dependabot[bot]	bbf71da6de	Bump vaadin.version from 25.1.4 to 25.1.5 (#3047 ) Bumps `vaadin.version` from 25.1.4 to 25.1.5. Updates `com.vaadin:vaadin-bom` from 25.1.4 to 25.1.5 Updates `com.vaadin:vaadin-maven-plugin` from 25.1.4 to 25.1.5 - [Release notes](https://github.com/vaadin/platform/releases) - [Commits](https://github.com/vaadin/platform/compare/25.1.4...25.1.5) --- updated-dependencies: - dependency-name: com.vaadin:vaadin-bom dependency-version: 25.1.5 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.vaadin:vaadin-maven-plugin dependency-version: 25.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-08 09:15:15 +03:00
Stanislav Trailov	976106c75f	Enable trivy and dependabot on 1.0 branch (#3046 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-05-07 09:59:37 +03:00
github-actions[bot]	111658a548	[Release] Automated commit of .3rd-party/DEPENDENCIES changes	2026-05-04 03:10:53 +00:00
dependabot[bot]	eb53cfaaa2	Bump vaadin.version from 25.1.3 to 25.1.4 (#3043 ) Bumps `vaadin.version` from 25.1.3 to 25.1.4. Updates `com.vaadin:vaadin-bom` from 25.1.3 to 25.1.4 Updates `com.vaadin:vaadin-maven-plugin` from 25.1.3 to 25.1.4 - [Release notes](https://github.com/vaadin/platform/releases) - [Commits](https://github.com/vaadin/platform/compare/25.1.3...25.1.4) --- updated-dependencies: - dependency-name: com.vaadin:vaadin-bom dependency-version: 25.1.4 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.vaadin:vaadin-maven-plugin dependency-version: 25.1.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-30 09:26:09 +03:00
dependabot[bot]	47e14cf042	Bump io.swagger.core.v3:swagger-annotations-jakarta (#3042 ) Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.48 to 2.2.49. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-version: 2.2.49 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-29 08:33:02 +03:00
dependabot[bot]	a73b1ab3cf	Bump org.springframework.ai:spring-ai-bom from 1.1.4 to 1.1.5 (#3040 ) Bumps [org.springframework.ai:spring-ai-bom](https://github.com/spring-projects/spring-ai) from 1.1.4 to 1.1.5. - [Commits](https://github.com/spring-projects/spring-ai/compare/v1.1.4...v1.1.5) --- updated-dependencies: - dependency-name: org.springframework.ai:spring-ai-bom dependency-version: 1.1.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-28 13:14:54 +03:00
Vasil Ilchev	4b83c78618	Fix cleaner clean reference to service before call on it - chain api (#3041 ) * Fix cleaner clean reference to service before call on it - chain api Signed-off-by: vasilchev <vasil.ilchev@bosch.com> * style and comment fix Signed-off-by: vasilchev <vasil.ilchev@bosch.com> --------- Signed-off-by: vasilchev <vasil.ilchev@bosch.com>	2026-04-28 13:13:35 +03:00
dependabot[bot]	ce444f9934	Bump spring-shell.version from 4.0.0 to 4.0.2 (#3037 ) Bumps `spring-shell.version` from 4.0.0 to 4.0.2. Updates `org.springframework.shell:spring-shell-starter` from 4.0.0 to 4.0.2 - [Release notes](https://github.com/spring-projects/spring-shell/releases) - [Commits](https://github.com/spring-projects/spring-shell/compare/v4.0.0...v4.0.2) Updates `org.springframework.shell:spring-shell-jline` from 4.0.0 to 4.0.2 - [Release notes](https://github.com/spring-projects/spring-shell/releases) - [Commits](https://github.com/spring-projects/spring-shell/compare/v4.0.0...v4.0.2) --- updated-dependencies: - dependency-name: org.springframework.shell:spring-shell-starter dependency-version: 4.0.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.shell:spring-shell-jline dependency-version: 4.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-27 08:36:05 +03:00
github-actions[bot]	5362dbeb9a	[Release] Automated commit of .3rd-party/DEPENDENCIES changes	2026-04-27 03:29:14 +00:00
Stanislav Trailov	b63ded1b2b	Use AccessContext.actor() in getApprovalUser in default rollout approval strategy (#3036 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-04-24 16:20:53 +03:00
Avgustin Marinov	160576baac	Bump Spring Boot to 4.0.6 (#3034 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-24 09:01:55 +03:00
dependabot[bot]	897256a042	Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3033 ) Bumps commons-io:commons-io from 2.21.0 to 2.22.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-24 08:27:31 +03:00
dependabot[bot]	7441e87751	Bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 (#3032 ) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-24 08:27:08 +03:00
clayly	2e53a66b79	Fix test assertions that depend on undefined row ordering (#3007 ) * Fix test assertions that depend on undefined row ordering Several tests use containsExactly() or index-based comparison on query results that have no ORDER BY clause. SQL does not guarantee row ordering without explicit ORDER BY, and databases like YugabyteDB return results in a different (but valid) order than PostgreSQL/H2. These tests verify set membership (correct targets assigned, correct actions stored), not ordering. Changed to order-independent assertions: - AutoAssignTest: containsExactly -> containsExactlyInAnyOrder - ControllerManagementTest: index-based loop -> containsExactlyInAnyOrderElementsOf - TargetFilterQueryManagementTest: containsExactly -> containsExactlyInAnyOrder Verified passing on H2 (default) and YugabyteDB (PostgreSQL-compatible). * Trigger ECA re-check	2026-04-21 17:21:38 +03:00
clayly	bdb87a95d9	Fix LIKE on non-String fields failing on PostgreSQL (#3008 ) * Fix LIKE on non-String fields failing on PostgreSQL-compatible databases The like() and notLike() methods in SpecificationBuilder relied on catching a Hibernate-specific CoercionException when LIKE was applied to non-String fields (e.g. bigint) with a wildcard-only value. However, with EclipseLink the invalid SQL is sent directly to the database, where PostgreSQL and compatible databases (YugabyteDB, CockroachDB) reject it with "operator does not exist: bigint ~~ text". Move the non-String field check before building the SQL predicate, making it database-agnostic and JPA-provider-agnostic. A wildcard-only LIKE on a non-String field is semantically equivalent to IS NOT NULL (and NOT LIKE to IS NULL), which is what the fallback already produced. * Trigger ECA re-check	2026-04-21 15:45:02 +03:00
dependabot[bot]	4cb5b161f1	Bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#3031 ) Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.22.1 to 1.22.2. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md) - [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.22.1...jsoup-1.22.2) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-version: 1.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-21 13:52:46 +03:00
dependabot[bot]	f6ece97b81	Bump io.github.openfeign:feign-hc5 from 13.11 to 13.12 (#3030 ) Bumps [io.github.openfeign:feign-hc5](https://github.com/openfeign/feign) from 13.11 to 13.12. - [Release notes](https://github.com/openfeign/feign/releases) - [Changelog](https://github.com/OpenFeign/feign/blob/master/CHANGELOG.md) - [Commits](https://github.com/openfeign/feign/compare/13.11...13.12) --- updated-dependencies: - dependency-name: io.github.openfeign:feign-hc5 dependency-version: '13.12' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-21 13:52:22 +03:00
Avgustin Marinov	c029c88db6	Improved AccessContext (#3029 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-21 13:51:37 +03:00
Stanislav Trailov	f2edc36e11	Add verify with Postgre (#3005 ) * Add verify with Postgre Signed-off-by: strailov <Stanislav.Trailov@bosch.io> * make them only on trigger manually Signed-off-by: strailov <Stanislav.Trailov@bosch.io> --------- Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-04-20 10:04:12 +03:00
dependabot[bot]	8473212f59	Bump vaadin.version from 25.1.2 to 25.1.3 (#3028 ) Bumps `vaadin.version` from 25.1.2 to 25.1.3. Updates `com.vaadin:vaadin-bom` from 25.1.2 to 25.1.3 Updates `com.vaadin:vaadin-maven-plugin` from 25.1.2 to 25.1.3 - [Release notes](https://github.com/vaadin/platform/releases) - [Commits](https://github.com/vaadin/platform/compare/25.1.2...25.1.3) --- updated-dependencies: - dependency-name: com.vaadin:vaadin-bom dependency-version: 25.1.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.vaadin:vaadin-maven-plugin dependency-version: 25.1.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-20 08:38:51 +03:00
Avgustin Marinov	e9aa13e68f	Improved SDK Setup - defaults (#3027 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-17 16:48:43 +03:00
dependabot[bot]	b4a171b4db	Bump io.swagger.core.v3:swagger-annotations-jakarta (#3026 ) Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.47 to 2.2.48. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-version: 2.2.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-17 08:52:29 +03:00
dependabot[bot]	311e08744e	Bump vaadin.version from 25.0.3 to 25.1.2 (#3025 ) Bumps `vaadin.version` from 25.0.3 to 25.1.2. Updates `com.vaadin:vaadin-bom` from 25.0.3 to 25.1.2 Updates `com.vaadin:vaadin-maven-plugin` from 25.0.3 to 25.1.2 - [Release notes](https://github.com/vaadin/platform/releases) - [Commits](https://github.com/vaadin/platform/compare/25.0.3...25.1.2) --- updated-dependencies: - dependency-name: com.vaadin:vaadin-bom dependency-version: 25.1.2 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: com.vaadin:vaadin-maven-plugin dependency-version: 25.1.2 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-17 08:52:03 +03:00
Avgustin Marinov	37559cdedc	Cleanup/fix jackson 2 -> 3 migration (#3024 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-16 13:29:26 +03:00
Avgustin Marinov	000dd97bbc	Bump some action versions (#3023 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-16 09:37:36 +03:00
Avgustin Marinov	82ee1cc4e6	Fix sonar findings on 21 style (#3020 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 16:57:10 +03:00
Avgustin Marinov	643e96b7b1	Add explicit codeql workflow (#3019 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 16:01:23 +03:00
Avgustin Marinov	8a078f8ee7	Fix requireJavaVersion -> 21 (#3018 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 15:42:05 +03:00
Avgustin Marinov	aca64df61c	Bump JDK requirements to 21 (#3017 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 15:17:53 +03:00
Avgustin Marinov	8015b0e3f1	Fix sonar findings (2) (#3016 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 14:39:28 +03:00
Avgustin Marinov	a00374f455	Fix sonar findings (#3015 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-15 13:14:31 +03:00
dependabot[bot]	0a0ab18fa2	Bump org.bouncycastle:bcpkix-jdk18on from 1.83 to 1.84 (#3013 ) Bumps [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) from 1.83 to 1.84. - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcpkix-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-15 09:17:13 +03:00
Avgustin Marinov	1be473b22c	[#2845 ] Bump Spring boot to 4.x (#2941 ) Notes: 1. (!) Eclipselink shall be migrated to 5.0 (in 4.0.8 there are incompatible classes, e.g EJBQueryImpl doesn't implement some newer methods). In the moment is with beta (5.0.0-B12) - JUST for testing! 2. (!) Ethlo plugin doesn't work with Eclipselink 5.0, it builds with Eclipselink 4.0.8 (could be a problem) 3. Dependencies - new starters, test starters changes, some dependencies refactoring 4. Auto-configs split - package changes, some properties classes changes 5. Spring nullable org.springframework.lang.Nullable/NonNull are depecated and replaced with jspcify -> org.jspecify.annotations.Nullable/NonNull (NullMarked) 6. Lombok config - adding lombok.addNullAnnotations=jspecify - to do not mess annotations 7. Distributed lock table changes - SP_LOCK table db migration 8. Spring Retry replaced with Spring Core Retry - does repace retry in hawkbit 9. Specifications -> added Update/Delete(/Predicate) Specifications and JpaSpecificationExecutor changed 10. HawkbitBaseRepositoryFactoryBean modified to register properly 11. Jackson - 2 -> 3, package migrations, finals are not deserialized by default(enable finals deserialization, consider make non-final), too ‘smart’ tries to set complex objects instead of using non args constructor (-> @JsonIgnore), some other default configs made Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-14 11:31:41 +03:00
dependabot[bot]	23cd368e00	Bump actions/cache from 5.0.4 to 5.0.5 (#3012 ) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-14 11:01:13 +03:00
Stanislav Trailov	f6cb143283	Fix force quit actions to explicitly handle 0 active actions (#3004 ) * Fix force quit actions to explicitly handle 0 active actions Signed-off-by: strailov <Stanislav.Trailov@bosch.io> * Fix dynamic rollout behaviour when using Postgres Signed-off-by: strailov <Stanislav.Trailov@bosch.io> --------- Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-04-09 10:44:06 +03:00
Stanislav Trailov	f9bb49d33e	Remove table alias on SET when stopping rollouts (#3002 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-04-07 16:56:55 +03:00
Avgustin Marinov	dd593677fd	Fix stop rollout when using PosgreSQL (2) (#3000 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2026-04-07 09:59:34 +03:00
dependabot[bot]	0431936cca	Bump docker/login-action from 4.0.0 to 4.1.0 (#2994 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-07 08:25:20 +03:00
Stanislav Trailov	5498a79534	Fix stop rollout when using PostgreSQL (#2996 ) Signed-off-by: strailov <Stanislav.Trailov@bosch.io>	2026-04-07 08:23:31 +03:00

1 2 3 4 5 ...

4026 Commits