Merge branch 'main' into ci/security-tooling

.github/workflows/dependencies.yaml

@@ -46,13 +46,13 @@ jobs:
         run: mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES_BACKEND
 
       - name: Run install
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@v5
         with:
           cmd: install
           dir: 'frontend'
 
       - name: Generate FE Dependencies file
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@v5
         with:
           cmd: run dependencies:generate
           dir: 'frontend'
@@ -76,7 +76,7 @@ jobs:
         if: ${{ env.were_files_changed }} == 'true'
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           add-paths: |
             DEPENDENCIES_BACKEND

.github/workflows/docker-image-main_backend.yml

@@ -90,7 +90,7 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}

.github/workflows/docker-image-main_frontend.yml

@@ -84,7 +84,7 @@ jobs:
           tags: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.FRONTEND_IMAGE_DOCKER_HUB }}:${{ github.sha }}
 
       - name: Update Docker Hub description
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''

.github/workflows/docker-image-tag-release.yaml

@@ -90,7 +90,7 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
@@ -115,7 +115,7 @@ jobs:
           cache: 'maven'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -164,7 +164,7 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}

.github/workflows/e2e-tests-xray_frontend.yml

@@ -52,7 +52,7 @@ jobs:
           node-version: 18.x
 
       - name: Run yarn install
-        uses: Borales/actions-yarn@v4.2.0
+        uses: Borales/actions-yarn@v5
         with:
           cmd: install # will run `yarn install` command
 

.github/workflows/eclipse-dash.yml

@@ -67,7 +67,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -82,3 +82,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           path: DEPENDENCIES_BACKEND
+          overwrite: true

.github/workflows/publish-documentation.yaml

@@ -51,7 +51,7 @@ jobs:
           node-version: 16
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}

.github/workflows/pull-request_backend.yml

@@ -79,7 +79,7 @@ jobs:
           check_name: "Unit Test Results"
 
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

.github/workflows/release.yaml

@@ -62,7 +62,7 @@ jobs:
           json -I -f frontend/package.json -e "this.version='${{ github.ref_name }}'"
 
       - name: Prepare Helm release
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: "chore(release): Prepare release for Helm version ${{ env.HELM_VERSION }}"
           branch: chore/prepare-helm-release-${{ env.HELM_VERSION }}

.github/workflows/sonar-scan-backend.yml

@@ -45,7 +45,7 @@ jobs:
           cache: 'maven'
 
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

.github/workflows/spotbugs.yml

@@ -53,7 +53,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}

.github/workflows/trivy.yml

@@ -72,7 +72,7 @@ jobs:
         run: docker build -t localhost:5000/traceability-foss:fe_${{ github.sha }} -f ./frontend/Dockerfile .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           trivyignores: "./.github/workflows/.trivyignore"
           image-ref: 'localhost:5000/traceability-foss:fe_${{ github.sha }}'
@@ -132,7 +132,7 @@ jobs:
           ref: ${{needs.prepare-env.outputs.check_sha}}
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           trivyignores: "./.github/workflows/.trivyignore"
           scan-type: "config"
@@ -178,7 +178,7 @@ jobs:
           tags: localhost:5000/traceability-foss:trivy
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: localhost:5000/traceability-foss:trivy
           trivyignores: "./.github/workflows/.trivyignore"

.github/workflows/xray-cucumber.yaml

@@ -36,7 +36,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}

CHANGELOG.md

@@ -8,10 +8,23 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [UNRELEASED - DD.MM.YYYY]
 
 ### Added
+- added tombstone icon to parts table and error description in parts detail view
+- Endpoint (assets/import/report/{importJobId}) for retrieving import report
 
 ### Changed
+- actions/chache bumped from v3 to v4
+- borales/actions-yarn bumped from v4 to v5
+- peter-evans/create-pull-request bumped from v5 to v6
+- peter-evans/dockerhub-description bumped from v3 to v4
+- aquasecurity/trivy-action bumped from 0.16.1 to 0.17.0
+- sonar-maven-plugin bumped from 3.9.1.2184 to 3.10.0.2594
+- rest-assured bumped from 5.3.2 to 5.4.0
+- testcontainer-postgresql bumped from 1.19.1 to 1.19.4
+- tomcat-embed-websocket bumped from 10.1.16 to 10.1.18
+- IrsCallbackController is now validating jobId to prevent log injections from unwanted usage
 
 ### Removed
+- Investigations/Alerts for assets_as_planned parts
 
 ## [10.3.0 - 05.02.2024]
 

COMPATIBILITY_MATRIX.md

@@ -11,19 +11,22 @@
 #### Helm Version 1.3.21
 
 
-| Dependency        | Name of Service              | Version       | Helm  | Comments                                                                          |
-|-------------------|------------------------------|---------------|-------|-----------------------------------------------------------------------------------|
-| EDC               | edc-postgresql               | 12.1.6        | 2.0.0 | Enterprise Data Connector for PostgreSQL                                          |
-| IRS               | irs-helm                     | 4.0.1         | 6.9.1 | Helm charts for Item Relationship Service                                         |
-| EDC               | tractusx-connector           | 0.5.3         | 2.0.0 | Connector for Data Transfer and Registration                                      |
-| Discovery Service | discovery service            | 1.16.0        | 0.1.0 | Service for discovering and registering artifacts                                 |
-| Portal            | portal                       | 1.7.0         | 1.7.0 | Web portal for interacting with Trace-X                                           |
-| SD-Factory        | SD-Factory                   | 2.1.7         | 2.1.8 | Service Discovery Factory for managing dependencies                               |
-| Wallet            | wallet                       | 0.3.0         | 0.3.0 | Secure storage for sensitive information                                          |
-| SDE               | Simple Data Exchanger (SDE)  | 2.3.3         | 0.1.3 | Standalone service for companies to provide data in the Eclipse Tractus-X network |
-| Aspect Model      | SerialPart                   | [1.0.0,1.1.0] | -     |                                                                                   |
-| Aspect Model      | Batch                        | [1.0.0,2.0.0] | -     |                                                                                   |
-| Aspect Model      | PartAsPlanned                | [1.0.0,1.0.1] | -     |                                                                                   |
-| Aspect Model      | PartSiteInformationAsPlanned | [1.0.0]       | -     |                                                                                   |
-| Aspect Model      | JustInSequencePart           | [1.0.0]       | -     |                                                                                   |
-| Aspect Model      | TractionBatteryCode          | [1.0.0]       | -     |                                                                                   |
+| Dependency        | Name of Service              | Version                         | Helm  | Comments                                                                          |
+|-------------------|------------------------------|---------------------------------|-------|-----------------------------------------------------------------------------------|
+| EDC               | edc-postgresql               | 12.1.6                          | 2.0.0 | Enterprise Data Connector for PostgreSQL                                          |
+| IRS               | irs-helm                     | 4.0.1                           | 6.9.1 | Helm charts for Item Relationship Service                                         |
+| EDC               | tractusx-connector           | 0.5.3                           | 2.0.0 | Connector for Data Transfer and Registration                                      |
+| Discovery Service | discovery service            | 1.16.0                          | 0.1.0 | Service for discovering and registering artifacts                                 |
+| Portal            | portal                       | 1.7.0                           | 1.7.0 | Web portal for interacting with Trace-X                                           |
+| SD-Factory        | SD-Factory                   | 2.1.7                           | 2.1.8 | Service Discovery Factory for managing dependencies                               |
+| Wallet            | wallet                       | 0.3.0                           | 0.3.0 | Secure storage for sensitive information                                          |
+| SDE               | Simple Data Exchanger (SDE)  | 2.3.3                           | 0.1.3 | Standalone service for companies to provide data in the Eclipse Tractus-X network |
+| Aspect Model      | SerialPart                   | [1.0.0,1.1.0,2.0.0,3.0.0)       | -     |                                                                                   |
+| Aspect Model      | Batch                        | [1.0.1,1.0.2,2.0.0,2.0.1,3.0.0) | -     |                                                                                   |
+| Aspect Model      | PartAsPlanned                | [1.0.0,1.0.1,2.0.0)             | -     |                                                                                   |
+| Aspect Model      | PartSiteInformationAsPlanned | [1.0.0]                         | -     |                                                                                   |
+| Aspect Model      | JustInSequencePart           | [1.0.0,2.0.0,3.0.0)             | -     |                                                                                   |
+| Aspect Model      | TractionBatteryCode          | [1.0.0]                         | -     |                                                                                   |
+| Aspect Model      | SingleLevelUsageAsBuilt      | [1.0.1]                         | -     |                                                                                   |
+| Aspect Model      | SingleLevelBomAsBuilt        | [1.0.0, 2.0.0)                  | -     |                                                                                   |
+| Aspect Model      | SingleLevelBomAsPlanned      | [1.0.1, 1.1.0)                  | -     |                                                                                   |

DEPENDENCIES_BACKEND

@@ -22,6 +22,8 @@ maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlyd
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, #10346
 maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.0, Apache-2.0, approved, #7942
+maven/mavencentral/com.github.java-json-tools.jackson-coreutils/jackson-coreutils-equivalence/2.0, , restricted, clearlydefined
+maven/mavencentral/com.github.java-json-tools.jackson-coreutils/jackson-coreutils/2.0, , restricted, clearlydefined
 maven/mavencentral/com.github.java-json-tools/btf/1.3, Apache-2.0 OR LGPL-3.0-or-later, approved, #2721
 maven/mavencentral/com.github.java-json-tools/jackson-coreutils-equivalence/1.0, LGPL-3.0 OR Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.java-json-tools/jackson-coreutils/2.0, Apache-2.0 OR LGPL-3.0-or-later, approved, #2719
@@ -111,10 +113,13 @@ maven/mavencentral/io.opentelemetry/opentelemetry-api/1.29.0, Apache-2.0, approv
 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.25.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.29.0, Apache-2.0, approved, #10090
 maven/mavencentral/io.rest-assured/json-path/5.3.2, Apache-2.0, approved, #9261
+maven/mavencentral/io.rest-assured/json-path/5.4.0, Apache-2.0, approved, #12042
 maven/mavencentral/io.rest-assured/json-schema-validator/5.4.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.rest-assured/rest-assured-common/5.3.2, Apache-2.0, approved, #9264
-maven/mavencentral/io.rest-assured/rest-assured/5.3.2, Apache-2.0, approved, #9262
+maven/mavencentral/io.rest-assured/rest-assured-common/5.4.0, Apache-2.0, approved, #12039
+maven/mavencentral/io.rest-assured/rest-assured/5.4.0, Apache-2.0, approved, #12040
 maven/mavencentral/io.rest-assured/xml-path/5.3.2, Apache-2.0, approved, #9267
+maven/mavencentral/io.rest-assured/xml-path/5.4.0, Apache-2.0, approved, #12038
 maven/mavencentral/io.smallrye/jandex/3.0.5, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.8, Apache-2.0, approved, #5947
 maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.2.16, Apache-2.0, approved, #11362
@@ -156,11 +161,11 @@ maven/mavencentral/org.apache.commons/commons-compress/1.23.0, Apache-2.0 AND BS
 maven/mavencentral/org.apache.commons/commons-lang3/3.11, Apache-2.0, approved, CQ22642
 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.commons/commons-text/1.10.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.apache.groovy/groovy-json/4.0.11, Apache-2.0, approved, #7411
+maven/mavencentral/org.apache.groovy/groovy-json/4.0.16, Apache-2.0, approved, #7411
 maven/mavencentral/org.apache.groovy/groovy-json/4.0.17, Apache-2.0, approved, #7411
-maven/mavencentral/org.apache.groovy/groovy-xml/4.0.11, Apache-2.0, approved, #10179
+maven/mavencentral/org.apache.groovy/groovy-xml/4.0.16, Apache-2.0, approved, #10179
 maven/mavencentral/org.apache.groovy/groovy-xml/4.0.17, Apache-2.0, approved, #10179
-maven/mavencentral/org.apache.groovy/groovy/4.0.11, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742
+maven/mavencentral/org.apache.groovy/groovy/4.0.16, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742
 maven/mavencentral/org.apache.groovy/groovy/4.0.17, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742
 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527
 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.13, Apache-2.0, approved, CQ23528
@@ -169,12 +174,9 @@ maven/mavencentral/org.apache.httpcomponents/httpmime/4.5.13, Apache-2.0, approv
 maven/mavencentral/org.apache.logging.log4j/log4j-api/2.20.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799
 maven/mavencentral/org.apache.mina/mina-core/2.1.6, Apache-2.0, approved, #3289
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.16, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.18, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.18, Apache-2.0, approved, #6997
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.16, Apache-2.0, approved, #7920
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.18, Apache-2.0, approved, #7920
-maven/mavencentral/org.apache.tomcat/tomcat-annotations-api/10.1.16, Apache-2.0, approved, #8196
 maven/mavencentral/org.apache.tomcat/tomcat-annotations-api/10.1.18, Apache-2.0, approved, #8196
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.aspectj/aspectjweaver/1.9.21, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #7695
@@ -434,8 +436,8 @@ maven/mavencentral/org.springframework/spring-web/6.0.16, Apache-2.0, approved,
 maven/mavencentral/org.springframework/spring-webmvc/6.0.16, Apache-2.0, approved, #5944
 maven/mavencentral/org.testcontainers/database-commons/1.18.3, MIT, approved, clearlydefined
 maven/mavencentral/org.testcontainers/jdbc/1.18.3, MIT, approved, clearlydefined
-maven/mavencentral/org.testcontainers/junit-jupiter/1.19.1, MIT, approved, #10344
-maven/mavencentral/org.testcontainers/postgresql/1.19.1, MIT, approved, #10350
+maven/mavencentral/org.testcontainers/junit-jupiter/1.19.4, MIT, approved, #10344
+maven/mavencentral/org.testcontainers/postgresql/1.19.4, MIT, approved, #10350
 maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938
 maven/mavencentral/org.thymeleaf/thymeleaf-spring6/3.1.2.RELEASE, Apache-2.0, approved, #10581
 maven/mavencentral/org.thymeleaf/thymeleaf/3.1.2.RELEASE, Apache-2.0, approved, CQ23960