All notable changes to this project will be documented in this file.
v5.0.1 (2025-02-24)
Bump org.openrewrite.rewrite (1439f5d)
Bump org.xerial:sqlite-jdbc (3409478)
Fix null pointer exception while storing in-progress workflow jobs (c79b980)
Update changelog (b3dff93)
Add @patricialarisa to contributors list for bug reports (bef8609)
v5.0.0 (2025-02-10)
- Introduce SQLite db as second level cache for workflows (67b5fcb)
Reduce clutter from the dashboard (7363ea4)
Introduce individual view preference for user without build monitor (8c30d9d)
Introduce API endpoint to fetch workflow run metrics as timeseries data for given repo (b6e4b0b)
Introduce /config/repository-names to fetch configured repo names (4e48ecc)
Introduce metrics dashboard with key metrics to monitor workflow reliability and performance (668132f)
Send notification to MS Teams workflow (30bd48e)
Add "Content-Length" in HTTP POST request header to fix notifications to MS Teams workflows (9187337)
Downgrade mockoon cli to 8.4.0 to fix api fetch issue (46aaa4f)
Refactor backend code to use better Domain Driven design (972adb9)
Refactor initialization of restTemplate (fac50d2)
Replace spring RestTemplate with RestClient (3624297)
Fix flaky test (3c5887f)
Add missing unit tests for backend (901bb51)
Fix failed forntend test due to year change (aab346a)
Bump docker/build-push-action from 5 to 6 (58c93dd)
Bump org.openrewrite.rewrite (aff9f82)
Bump org.springframework.boot (17f4e46)
Bump com.github.spotbugs (801a586)
Bump com.nimbusds:nimbus-jose-jwt (b019e5b)
Bump alpine from 3.20.2 to 3.20.3 (48f8d22)
Upgrade dependencies version (676e681)
Bump @vitejs/plugin-vue (3845013)
Bump gradle-update/update-gradle-wrapper-action from 1 to 2 (66f787d)
Bump io.freefair.lombok (e7a2df7)
Bump eslint-plugin-vue (16bb18c)
Bump io.spring.dependency-management (5885285)
Patch management (e02e744)
Cleanup dependency suppress file (b5657aa)
Bump alpine from 3.20.3 to 3.21.0 (d9db552)
Adding Maintainers list (b9cfab6)
Adding OSSMETADATA (ab8b1d0)
Adding badge in readme (939e741)
Bump alpine from 3.21.0 to 3.21.2 (82ca48c)
Patch managment for backend and frontend codebase (63f41f8)
Bump the npm-version-updates group across 1 directory with 3 updates (bd3a225)
Patch management for backend and frontend codebase (3f4586c)
Bump org.xerial:sqlite-jdbc (8b410c9)
Migrate eslint to v9.x.x from v8.x.x (6cae9a6)
Upgrade mockoon cli to v9.1.0 (426c604)
Mark MS_TEAMS_NOTIFICATIONS_WEB_HOOK_URL as deprecated (1108f07)
Bump dependabot/fetch-metadata (4cf29e5)
Skip OWASP depency check for rewrite config (749c0db)
Exclude config package from mutation test (125d3de)
Optimise checks workflow by splitting checks specific for changes (cbfdac8)
Migrate to actions/cache from pat-s/always-upload-cache GitHub action (1e64304)
Add only unique commit messages to changelog (7f3261a)
Update changelog (9be8624)
Add @aronhoyer to contributors for design (718e88d)
Add @fabasoad to contributors list for bug reports (6b767fb)
Add @marczimmermann1234 to contributors list for bug fixes (5e62d15)
Add @sumanmaity112 to contributors list (da02429)
v4.1.4 (2024-08-14)
Enable dependabot groups for automated patch management (0142c7f)
Bump dependencies to latest version (272de32)
Bump org.springframework.boot (4c6f92d)
Bump @vitejs/plugin-vue (f48b4c7)
Bump org.openrewrite.rewrite (ba341b2)
Bump vite-plugin-vuetify (db27221)
Bump alpine from 3.20.1 to 3.20.2 (606c121)
Bump the npm-version-updates group across 1 directory with 4 updates (a08c1f2)
- Temporarily downgrade nvm to 0.39.7 (730e2ff)
- Update changelog (3c629cc)
v4.1.3 (2024-07-12)
Enable dependabot groups for automated patch management (8a1635d)
Downgrade org.owasp.dependencycheck to v8.4.3 (c9edb16)
Fix dependabot config (dbe56bd)
Bump alpine from 3.20.0 to 3.20.1 (a6f6ef0)
Bump dependabot/fetch-metadata from 2.1.0 to 2.2.0 (917e65c)
- Update changelog (9af120b)
v4.1.2 (2024-06-02)
Bump alpine from 3.19.1 to 3.20.0 (3c3cff0)
Bump vuetify from 3.5.15 to 3.6.8 (3b93a96)
Fix flaky tests (9fb18f6)
- Update changelog (344d850)
v4.1.1 (2024-05-12)
- Display correct version on dashboard (2c7dac7)
- Update changelog (f2fab44)
v4.1.0 (2024-05-01)
- Update GitHub action modules (ab873a6)
v4.0.2 (2024-04-06)
Update com.nimbusds:nimbus-jose-jwt version to fix CVE-2023-52428 (804500a)
Remove OWASP dependency suppression for CVE-2023-45960 (fd39229)
Suppress CVEs related to openrewrite (4ec4070)
Bump actions/cache from 3 to 4 (75fa1af)
Bump alpine from 3.19.0 to 3.19.1 (9a0d1e9)
Bump dorny/paths-filter from 2 to 3 (ed937fa)
Bump peter-evans/dockerhub-description from 3 to 4 (7f23fa7)
Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 (af6fdea)
Integrate openwrite to use modernize java code (de3c084)
Remove explicit versioning for logback (5737fa3)
Update .talismanrc to suppress sha1-* (7744e62)
- Update changelog (37d89db)
v4.0.1 (2024-01-28)
- Read correct application version from manifest file (7e37eea)
- Add explicit cache restore keys for GitHub action (f61a75c)
- Update changelog (9626a0f)
v4.0.0 (2023-12-22)
- Update logback version to fix CVE-2023-6378 (bb33755)
- Enable java virtual threads to improve performance (19ac181)
Add mock backend data to run backend server locally (7d59cb7)
Remove unnecessary nvd nist cache restore key (8fdd8f2)
Bump github/codeql-action from 2 to 3 (bc28f6f)
Bump actions/upload-artifact from 3 to 4 (b72cd99)
Update allowed paterns in .talismanrc (980ad1f)
- Update changelog (e2605b7)
v3.3.7 (2023-10-25)
- Suppress CVE-2023-45960 and remove CVE-2023-2976 from supression list (787ed14)
Update changelog (e9dd35a)
Link GitHub username on changelog (3ce1f1c)
Add @globaltopmedia to contributors list for bug reports (6c7988b)
v3.3.6 (2023-10-09)
- Fix five months is seconds calculation (b8269c2)
- Update npm dependencies to fix security vulnerabilities (6430114)
- Refactor cookie expire time calculation with the help of java.time.Duration class (e21e8ea)
Patch management for GitHub action and vuetify (9e61a01)
Bump alpine from 3.18.3 to 3.18.4 (ce08f38)
Update talisman to v1.31.0 (211eecf)
Run Pull Request workflow for synchronize event (426b4fe)
Run trivy and checks workflow for pull request synchronize event (71ae756)
Update changelog (7f82e37)
Add @kvashchuka to contributors list (35ec0f1)
Fix all-contributors badge link (31cef16)
v3.3.5 (2023-09-17)
- Fix GitHub Oauth2 logout process (6fd71e7)
- Remove usage of deprecated methods from Spring security (0314ca3)
Fix PMD warnings (aa55296)
Bump alpine from 3.18.2 to 3.18.3 (e2654ac)
Bump actions/checkout from 3 to 4 (4cc7d0e)
- Update changelog (f9ad74b)
v3.3.4 (2023-07-25)
- Remove CVE-2023-35116 from suppression list (d1955ca)
Bump actions/upload-pages-artifact from 1 to 2 (8e48c93)
Bump dependabot/fetch-metadata from 1.5.1 to 1.6.0 (dd15953)
v3.3.3 (2023-07-12)
Rename security-checks paramter to scanners for trivy (3864199)
Suppress CVE-2023-2976 and CVE-2023-35116 (ed38c7e)
Temporarily omit dev and optional frontend dependencies from checks as fix is not available for CVE-2022-25883 and CVE-2023-26115 (c49332e)
Fix formatting issue (d489df2)
Bump alpine from 3.18.0 to 3.18.2 (97b553d)
Update frontend dependencies (f45599d)
Fix formatting for index.html (ca446d5)
Update changelog (6156577)
Add @bennetelli to contributors list for bug reports (894c117)
v3.3.2 (2023-06-10)
Build filter on preference page while updating other configs (ff7f352)
Fix typo for automatic page refresh interval (d2ccca4)
- Generate changelog url correctly (f12fdfa)
- Update changelog (367d53d)
v3.3.1 (2023-06-09)
- Explicitly upgrade libssl3 and libcrypto3 for fix CVE-2023-2650 (1d2ddbd)
- Generalise grid cell (cbf7105)
- Display relative time hint and hide icon in white color for light theme (003de60)
- Bump dependabot/fetch-metadata from 1.4.0 to 1.5.1 (aac47a3)
Update changelog (0af1ac1)
Update sample screenshots (f0b99e9)
Add @pbonner-1 to contributors list (a3bbcb6)
v3.3.0 (2023-05-20)
(#216) Enrich in cctray json and xml response with triggeredEvent (6ae5f0d)
(#216) Introduce possibility to filter builds based on events (58d4595)
Display relative time difference for failed workflow jobs (d70573f)
Display relative time difference for exposed secrets and code stadard violation dashboard (73dda74)
- Add missed GitHub merge_group and schedule event (a49ddc1)
Use alpine 3.18.0 to fix cves related to libssl and libcrypto (74f8a23)
Provide link for CVE on changelog file (3f220bb)
Deploy demo website to GitHub pages (86b239f)
Update vuetify and jsdom to latest version (6a800ec)
Cleanup unnecessary fixtures (9427137)
Deploy to GitHub pages only when new version is released on docker (e719661)
Use git-cliff to generate changelog as part of CI process (8d367d5)
Update git cliff config to skip talisman suppression commits (c8aed12)
Add write permission for update_changelog job (ac7ef43)
Clone main branch with all git history while generating changelog (0dead73)
Add demo link on Readme (a89d77a)
Add @bennetelli to contributors list for ideas (a36fc32)
v3.2.1 (2023-04-29)
- Hide password on login page for basic authentication (5a30dbc)
- Update @mockoon/cli and vuetify to latest version (67501a7)
v3.2.0 (2023-04-27)
- Introduce long-awaited dark theme (ae0fbc1)
Remove CVE-2022-1471 from dependency check suppression file (c865114)
Explicitly upgrade libssl3 and libcrypto3 for fix CVE-2023-1255 (53b5b77)
- Enable response compression for fast page load (da8a7e9)
- Revamp UI (257c09d)
- Mock authentication with mockoon when running only frontend locally (1efa6df)
Add @svenfinke for ideas (f459c20)
Update changelog for v3.2.0 (8bffbc1)
v3.1.1 (2023-04-17)
- Add startup failure state to run conclusion (8b8ac04)
Add @valentin-krasontovitsch to contributors list (44e9772)
Update changelog for v3.1.1 (b5269ad)
v3.1.0 (2023-04-01)
Add support to periodic scan for enabled features (3694887)
(#162) Display gitactionboard version on dashboard (ad8df47)
Fix CVE-2023-0464 related to libcrypto3 and libssl3 (03bb494)
Fix CVE-2022-1471 related to snakeyaml (1a68791)
v3.0.7 (2023-03-24)
- Update changelog for v3.0.7 (5b48cfc)
v3.0.6 (2023-02-15)
Enable CSRF protection for APIs (204df4e)
Provide correct error message when REPO_OWNER_NAME config is missing (94515a9)
Suppress CVE-2022-3064 (8e1174c)
Remove explicit libssl3 libcrypto3 upgrade from dockerfile (2427914)
Remove CVE-2022-3064 from suppression list (5675197)
Fix cve related to libcrypto3 and libssl3 (2eb1a47)
Manual patch management for frontend (7c2a2b2)
Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6 (e27c20f)
Bump docker/build-push-action from 3 to 4 (c85b856)
Fine tune paths for codeql analysis (7ef98e8)
Run dependency checks for pull request created by dependabot (3575ae3)
Remove explicit toolVersion for checkstyle and pmd plugin (c16775f)
Suppress shellcheck rule SC2317 due to false positivity (ccbc785)
Refer only major version for node in nvmrc (6818368)
Skip talisman verification for scheduled checks (4c6031d)
Suppress talisman warnings (bc599f2)
Update talisman version (686f0af)
- Update changelog for v3.0.6 (920b07c)
v3.0.5 (2023-01-07)
Suppress CVE-2022-1471 (fe3fc21)
Upgrade libssl3 and libcrypto3 to fix CVE-2022-3996 (a211f90)
- Refactor java code (4fd6792)
Update frontend dependencies version (80b3aae)
Use node v18.21 instead of v16.17 (15945df)
Update vite version to v4 (a0c576c)
Configure boring cyborg (5961013)
Merge backend and frontend PR automerge workflow (775714e)
Suppress talisman warnings (064aa16)
Use checks workflow to verify talisman for PR (ec4e08b)
Run checks for PR review_requested, edited and ready_for_review type (f15e89d)
Update GitHub runner to use ubuntu-22.04 (5c93889)
Remove uses of deprecated properties (5cd4dfc)
Update hadolint version to v2.12.0 (6ce2626)
Enable CodeQL analysis (60934ce)
Update talisman version (8bb18e5)
Update talisman checksum (8482710)
Delombok backend java before codeql analysis (2b6eaf3)
Update documentation (c9576cb)
Update contributors list style (70fd2e6)
Update license copyright year (b1338d3)
Update changelog for v3.0.5 (46eea77)
v3.0.4 (2022-12-01)
- Allow everyone to access resources from /assets (64c1e3f)
- Remove unnecessary whitelisted endpoint from security config (2d7d4a4)
Bump gradle version to v7.6 (10f0be1)
Migrate to mockserver from wiremock (661d10f)
Upgrade spring boot to v3 (124bdbb)
Manual patch management (668a795)
- Suppress talisman warnings (3490e27)
Fix typo (698134d)
Add @svenfinke to contributors list (f1a634a)
Update changelog for v3.0.4 (b05a932)
v3.0.3 (2022-11-20)
- Suppress CVE-2022-42920 (fcd4ed8)
- Use custom build JRE to reduce the docker image size (c404c21)
- Bump dependabot/fetch-metadata from 1.3.4 to 1.3.5 (5496c1b)
Suppress talisman warnings (b0a003c)
Start frontend development server on static 8081 port (f07293a)
Ignore dist and coverage folder during eslint check (47e8ffa)
v3.0.2 (2022-11-03)
- Update spring security version to fix CVE-2022-31690, CVE-2022-31692 (29177d0)
Update lombok, pmd, checkstyle and spotbugs gradle plugin (262c943)
Bump pat-s/always-upload-cache from 3.0.1 to 3.0.11 (af1f71f)
Add issue templates (cfd0c1b)
Enforce eslint standard ruleset for frontend code (fc80f8c)
Bump @vue/compiler-sfc in /frontend (9f70e8f)
Bump stylelint from 14.13.0 to 14.14.0 in /frontend (d1becc0)
Bump vue from 3.2.40 to 3.2.41 in /frontend (381cf3d)
Bump stylelint-config-standard in /frontend (3ab85f2)
Bump com.github.spotbugs from 5.0.8 to 5.0.12 in /backend (086654a)
Integrate trivy for docker image scan (76d7dce)
Bump com.github.ben-manes.versions in /backend (97aa44a)
Change default commit message type for dependabot (647876c)
Add name for trivy workflow (d6e4026)
Suppress talisman warnings (494a1fd)
Remove explicit tool version customisation for spotbugs (e2b8695)
Remove uses of deprecated set-output command (beee882)
Fix typo (d557402)
Migrate to vite from vue-cli-service for frontend (3422bb3)
Add contributions guide (75089fd)
Add available features on Readme (c99f136)
Add different shields badges on Readme (d57d352)
Update changelog for v3.0.2 (d73b2cc)
v3.0.1 (2022-10-08)
Update docker base image to fix CVE-2022-2097 and CVE-2022-37434 (3b839b0)
Update jackson version to fix CVE-2022-42003 (67e5d04)
Bump stylelint from 14.12.0 to 14.12.1 in /frontend (68aca49)
Bump io.spring.dependency-management in /backend (e32edb0)
Bump org.springframework.boot in /backend (aabd325)
Suppress talisman warnings (17dda00)
Fix path issue for nvd cache (c063b72)
Bump core-js from 3.25.2 to 3.25.3 in /frontend (4a67d1d)
Bump snakeyaml from 1.32 to 1.33 in /backend (cc97932)
Bump pitest-junit5-plugin from 1.0.0 to 1.1.0 in /backend (b7ba8d3)
Bump vue from 3.2.39 to 3.2.40 in /frontend (660ad2c)
Bump vm2 from 3.9.10 to 3.9.11 in /frontend (082965d)
Bump stylelint from 14.12.1 to 14.13.0 in /frontend (d162802)
Update talisman and handolint version (09eac8c)
Update talisman checksum (04e799d)
Bump core-js from 3.25.3 to 3.25.4 in /frontend (dc93911)
Bump core-js from 3.25.4 to 3.25.5 in /frontend (fcbc037)
Bump eslint-plugin-vue from 9.5.1 to 9.6.0 in /frontend (f89384e)
Bump dependabot/fetch-metadata from 1.3.3 to 1.3.4 (42ea04d)
Bump archunit-junit5 from 0.23.1 to 1.0.0 in /backend (7cc9dc6)
Always add current changes on the top of changelog (e0222f5)
Configure semantic-build-versioning plugin to auto update version based on commit message (1d2baed)
Fine tune changelog generator script (92fa491)
v3.0.0 (2022-09-21)
Rename /available-auths to /config endpoint for future use case (96552fc)
Use /workflow-jobs as default dashboard path instead of /dashboard (d290650)
Display secrets scan alerts on dashboard (34e339d)
Send notifications for exposed secrets (20896e8)
Send notification for code standard violations (032f12a)
Display code standard violations on dashboard (19e279d)
Display page title on the top of dashboard (939c0ac)
- Fix alignment issue with menu items (bbb48a3)
- Update snakeyaml version to fix CVE-2022-25857 (c803bfb)
Display GitHub action icon for workflow jobs dashboard (cb7aa3b)
Rename Secret vue component (e645aa3)
- Share sever cache acorss users (293c043)
Introduce stylelint to format css styles with in vue component (05de1c3)
Improve styling of show/hide button (8c75fc3)
- Enable parallel executions for junit tests (e94b315)
Update frontend dependencies (abd749c)
Use mockoon to run local mock api server for ease frontend development (1be671e)
Bump terser from 5.13.1 to 5.14.2 in /frontend (#8) (e509e9a)
Add changelog url for GitHub release (b0f5e89)
Enable dependabot for automatic patch management (3be168f)
Allow dependabot to auto merge PR (6d37a00)
Bump io.spring.dependency-management in /backend (9d68892)
Fix talisman issue (708bd03)
Fail build incase of lint warnings related to frontend code (0e88b17)
Bump vue from 3.2.37 to 3.2.39 in /frontend (ad3e224)
Fix talisman warnings (9ac45b3)
Bump snakeyaml from 1.31 to 1.32 in /backend (08c83a4)
Bump com.diffplug.spotless from 6.7.2 to 6.11.0 in /backend (4452763)
Introduce PI Mutation test for backend (63d77f5)
Fix build workflow (4a60781)
Bump org.owasp.dependencycheck in /backend (398e130)
Bump eslint-plugin-vue from 9.3.0 to 9.5.1 in /frontend (dd679d4)
Bump core-js from 3.24.0 to 3.25.2 in /frontend (8b8b57b)
Suppress talisman warnings (c125be2)
Split pull request workflow for backend and frontend (fb62004)
Update test data for local frontend (690213d)
Update dependency check suppression list (8b38cf9)
Update node version v16.17.0 (6dcfdc0)
Update gradle version to v7.5.1 (a6d3978)
Enable dependabot for GitHub actions and docker dependencies (5662baa)
Bump pat-s/always-upload-cache from 2.1.5 to 3.0.1 (#39) (e640969)
Update GitHub action dependencies (937e12e)
Update TOC on readme and fix typos (8040610)
Add sweiler and dependabot to contributors list (c7fbdd1)
Update sample screenshots (1f91d60)
Remove explicit width from images on readme (fd91a33)
Update changelog for v3.0.0 (1e28b07)
v2.1.0 (2022-06-28)
- Send notification on MS Teams in case of build failure (2f3e004)
Remove usage of depcretated WebSecurityConfigurerAdapter (5555d18)
Use java 17 feature, syntax (e0a7a10)
Use spotless to lint java code instead of (5a85ca7)
Fix path for java 17 for build task (721f6f6)
Accomodate chore as a commit type (e4382ec)
Update Readme (728e429)
Add instruction link to create incoming webhook connection for MS teams (6036bdd)
Update changelog (3b09ef7)
v2.0.7 (2022-05-25)
- Update spring dependency to fix CVE-2022-22970, CVE-2022-22978 and CVE-2022-29885 (c632e04)
- Update changelog (e4a9879)
v2.0.6 (2022-05-17)
Make page scrollable so that side bar is always accessible (d5cf429)
Log correct information when authentication is disabled (e492ce0)
Move to amazoncorretto docker base image from openjdk to fix security vulnerabilities (d1f7cf5)
Update npm dependencies to fix security vulnerabilities (534ce21)
- Create docker tag with minor version (65be76c)
v2.0.5 (2022-04-25)
- Update spring dependencies to fix CVE-2022-22968 (0aeb21f)
Update java dependencies (98d1de8)
Update other java dependencies (edf41dc)
Update docker metadata GitHub action version (a5334c8)
- Update changelog (351c759)
v2.0.4 (2022-04-01)
- Update spring boot version to fix CVE-222-22965 (359147d)
- Update changelog (8a7ff6a)
v2.0.3 (2022-03-31)
- Intermittent solution to prevent RCE with Spring Core (52c17b5)
- Update dependency to fix CVE-2022-23181 (5140721)
- Update cache key for nvd nist on GitHub action (36c97a2)
- Update changelog (e498f8a)
v2.0.2 (2022-03-31)
- Update dependency to fix CVE-2020-36518 (3926e50)
- Update changelog (62012e8)
v2.0.1 (2022-02-22)
Use correct syntax for release tag name (b99793d)
Format changelog as part of generation command (bad8dea)
v2.0.0 (2022-02-18)
- Remove ability to configure dashboard using query params (ea53408)
Introduce basic authentication (abfdeab)
Use client token to fetch workflow details (e769e77)
Introduce login page (6fe267f)
Explicitly delete access_token cookie on logout (b52caa3)
Hide logout button for guest users (a7e1c22)
Allow only authenticate user to access private pages when authentication is enabled or unknown (990ccb9)
Display spinner till page is fully loaded (4ebd072)
Clear cookies when user click on logout (9b7b0ee)
Display error message if login credentials are wrong (e6cf144)
Display happy octopus when there is no failed build and user doesn't want to see healthy build (670034b)
Allow guest user to fetch files from /img folder (9e759ff)
Respect servlet context config while serving resources (3a0a215)
- Clear interval timer when user moves away from dashboard page (2dea455)
- Remove global variables (d9762b4)