Merge remote-tracking branch 'origin/10225-bitbucket-merge-requests' …

…into 10225-bitbucket-merge-requests

.circleci/config.yml

@@ -85,7 +85,7 @@ jobs:
           mkdir -p build
           export ENV=ci
           export PROXY_PORT=8080
-          export QUALITY_TIME_VERSION=v5.22.0
+          export QUALITY_TIME_VERSION=v5.23.0
           export COMPOSE_PATH_SEPARATOR=':'
           export COMPOSE_FILE=docker/docker-compose.yml:docker/docker-compose.ci.yml
           docker compose build && docker compose up -d

.env

@@ -1,4 +1,4 @@
 COMPOSE_PATH_SEPARATOR=:
 COMPOSE_FILE=docker/docker-compose.yml:docker/docker-compose.override.yml
 COMPOSE_PROJECT_NAME=quality-time
-QUALITY_TIME_VERSION=v5.22.0
+QUALITY_TIME_VERSION=v5.23.0

.github/ISSUE_TEMPLATE/01-bug-report.md

@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: Bug
+type: Bug
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/02-feature-request.md

@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: Feature
+type: Feature
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/epic-template--only-use-if-you-re-a-quality-time-developer-.md

@@ -2,7 +2,7 @@
 name: Epic template [only use if you're a Quality-time developer]
 about: Document what and why needs to be changed
 title: ''
-labels: Feature
+type: Feature
 assignees: ''
 
 ---
@@ -35,6 +35,5 @@ As a `role` I want to `action` so that `goal`.
 
 # Dependencies
 
-- `insert issue number of user story here` blocks `insert issue number of user story here` 
+- `insert issue number of user story here` blocks `insert issue number of user story here`
 - ...
-

.github/ISSUE_TEMPLATE/user-story-template--only-use-if-you-re-a-quality-time-developer-.md

@@ -2,7 +2,7 @@
 name: User story template [only use if you're a Quality-time developer]
 about: Document what, why and how needs to be changed
 title: ''
-labels: Feature
+type: Feature
 assignees: ''
 
 ---

.github/workflows/application-tests.yml

@@ -16,7 +16,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Run application tests
         env:
-          QUALITY_TIME_VERSION: v5.22.0
+          QUALITY_TIME_VERSION: v5.23.0
           ENV: ci
           PROXY_PORT: 8080
         run: |

.github/workflows/frontend.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4.2.2
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4.1.0
+        uses: actions/setup-node@v4.2.0
         with:
           node-version: ${{ matrix.node-version }}
       - name: npm install, build, and test

.github/workflows/helm-chart.yml

@@ -26,7 +26,7 @@ jobs:
           changes: ${{ env.VALUE_CHANGES }}
 
       - name: Start minikube
-        uses: medyagh/setup-minikube@v0.0.18
+        uses: medyagh/setup-minikube@v0.0.19
         with:
           driver: docker
           container-runtime: containerd

.github/workflows/release.yml

@@ -21,59 +21,59 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push Database to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components/database
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_database:${{ github.ref_name }}
           push: true
       - name: Push Renderer to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components/renderer
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_renderer:${{ github.ref_name }}
           push: true
       - name: Push Proxy to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components/proxy
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_proxy:${{ github.ref_name }}
           push: true
       - name: Push Collector to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components
           file: components/collector/Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_collector:${{ github.ref_name }}
           push: true
       - name: Push Notifier to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components
           file: components/notifier/Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_notifier:${{ github.ref_name }}
           push: true
       - name: Push API-server to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components
           file: components/api_server/Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_api_server:${{ github.ref_name }}
           push: true
       - name: Push Frontend to Docker Hub
-        uses: docker/build-push-action@v6.12.0
+        uses: docker/build-push-action@v6.13.0
         with:
           context: components/frontend
           platforms: linux/amd64,linux/arm64
           tags: ictu/quality-time_frontend:${{ github.ref_name }}
           push: true
       - name: Anchore SBOM Action
-        uses: anchore/sbom-action@v0.17.9
+        uses: anchore/sbom-action@v0.18.0
       - name: Package and push Helm chart to Docker Hub
         run: |
           cd helm

.github/workflows/sonarcloud.yml

@@ -31,7 +31,7 @@ jobs:
           version: "0.4.22"
       - name: Set up Node
         if: env.SONAR_TOKEN != null
-        uses: actions/setup-node@v4.1.0
+        uses: actions/setup-node@v4.2.0
         with:
           node-version: "22"
       - name: Collector

components/api_server/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "api-server"
-version = "5.22.0"
+version = "5.23.0"
 requires-python = ">=3.13"
 classifiers = [
     "Programming Language :: Python :: 3 :: Only",
@@ -30,7 +30,7 @@ optional-dependencies.tools = [
     "mypy==1.14.1",
     "pip-audit==2.7.3",
     "pyproject-fmt==2.5.0",
-    "ruff==0.9.1",
+    "ruff==0.9.4",
     "vulture==2.14",
 ]
 

components/api_server/requirements/requirements-dev.txt

@@ -8,9 +8,9 @@ bottle==0.13.2 \
     --hash=sha256:27569ab8d1332fbba3e400b3baab2227ab4efb4882ff147af05a7c00ed73409c \
     --hash=sha256:e53803b9d298c7d343d00ba7d27b0059415f04b9f6f40b8d58b5bf914ba9d348
     # via api-server (pyproject.toml)
-certifi==2024.12.14 \
-    --hash=sha256:1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 \
-    --hash=sha256:b650d30f370c2b724812bee08008be0c4163b163ddaec3f2546c1caf65f191db
+certifi==2025.1.31 \
+    --hash=sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651 \
+    --hash=sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe
     # via requests
 cffi==1.17.1 \
     --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \

components/api_server/requirements/requirements.txt

@@ -4,9 +4,9 @@ bottle==0.13.2 \
     --hash=sha256:27569ab8d1332fbba3e400b3baab2227ab4efb4882ff147af05a7c00ed73409c \
     --hash=sha256:e53803b9d298c7d343d00ba7d27b0059415f04b9f6f40b8d58b5bf914ba9d348
     # via api-server (pyproject.toml)
-certifi==2024.12.14 \
-    --hash=sha256:1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 \
-    --hash=sha256:b650d30f370c2b724812bee08008be0c4163b163ddaec3f2546c1caf65f191db
+certifi==2025.1.31 \
+    --hash=sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651 \
+    --hash=sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe
     # via requests
 cffi==1.17.1 \
     --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \

components/collector/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "collector"
-version = "5.22.0"
+version = "5.23.0"
 requires-python = ">=3.13"
 classifiers = [
     "Programming Language :: Python :: 3 :: Only",
@@ -30,7 +30,7 @@ optional-dependencies.tools = [
     "mypy==1.14.1",
     "pip-audit==2.7.3",
     "pyproject-fmt==2.5.0",
-    "ruff==0.9.1",
+    "ruff==0.9.4",
     "vulture==2.14",
 ]
 

components/collector/requirements/requirements-dev.txt

@@ -96,9 +96,9 @@ annotated-types==0.7.0 \
     --hash=sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53 \
     --hash=sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89
     # via pydantic
-attrs==24.3.0 \
-    --hash=sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff \
-    --hash=sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308
+attrs==25.1.0 \
+    --hash=sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e \
+    --hash=sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a
     # via aiohttp
 beautifulsoup4==4.12.3 \
     --hash=sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051 \
@@ -779,9 +779,9 @@ python-dateutil==2.9.0.post0 \
     --hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
     --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
     # via collector (pyproject.toml)
-pytz==2024.2 \
-    --hash=sha256:2aa355083c50a0f93fa581709deac0c9ad65cca8a9e9beac660adcbd493c798a \
-    --hash=sha256:31c7c1817eb7fae7ca4b8c7ee50c72f93aa2dd863de768e1ef4245d426aa0725
+pytz==2025.1 \
+    --hash=sha256:89dd22dca55b46eac6eda23b2d72721bf1bdfef212645d81513ef5d03038de57 \
+    --hash=sha256:c2db42be2a2518b28e65f9207c4d05e6ff547d1efa4086469ef855e4ab70178e
     # via mongomock
 sentinels==1.0.0 \
     --hash=sha256:7be0704d7fe1925e397e92d18669ace2f619c92b5d4eb21a89f31e026f9ff4b1

components/collector/requirements/requirements.txt

@@ -92,9 +92,9 @@ aiosignal==1.3.2 \
     --hash=sha256:45cde58e409a301715980c2b01d0c28bdde3770d8290b5eb2173759d9acb31a5 \
     --hash=sha256:a8c255c66fafb1e499c9351d0bf32ff2d8a0321595ebac3b93713656d2436f54
     # via aiohttp
-attrs==24.3.0 \
-    --hash=sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff \
-    --hash=sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308
+attrs==25.1.0 \
+    --hash=sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e \
+    --hash=sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a
     # via aiohttp
 beautifulsoup4==4.12.3 \
     --hash=sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051 \

components/collector/src/source_collectors/trivy/base.py

@@ -1,6 +1,6 @@
 """Base classes for Trivy JSON collectors."""
 
-from typing import TypedDict
+from typing import NotRequired, TypedDict
 
 # The types below are based on https://aquasecurity.github.io/trivy/v0.45/docs/configuration/reporting/#json.
 # That documentation says: "VulnerabilityID, PkgName, InstalledVersion, and Severity in Vulnerabilities are always
@@ -13,28 +13,27 @@ class TrivyJSONVulnerability(TypedDict):
     """Trivy JSON for one vulnerability."""
 
     VulnerabilityID: str
-    Title: str
-    Description: str
+    Title: NotRequired[str]
+    Description: NotRequired[str]
     Severity: str
     PkgName: str
     InstalledVersion: str
-    FixedVersion: str
-    References: list[str]
+    FixedVersion: NotRequired[str]
+    References: NotRequired[list[str]]
 
 
 class TrivyJSONResult(TypedDict):
     """Trivy JSON for one dependency repository."""
 
     Target: str
-    Vulnerabilities: list[TrivyJSONVulnerability] | None  # The examples in the Trivy docs show this key can be null
+    Vulnerabilities: NotRequired[list[TrivyJSONVulnerability]]  # Examples in the Trivy docs show this key can be null
 
 
 # Trivy JSON reports come in two different forms, following schema version 1 or schema version 2.
 # Schema version 1 is not explicitly documented as a schema. The Trivy docs only give an example report.
 # See https://aquasecurity.github.io/trivy/v0.55/docs/configuration/reporting/#json.
 # Schema version 2 is not explicitly documented as a schema either. The only thing available seems to be a GitHub
 # discussion: https://github.com/aquasecurity/trivy/discussions/1050.
-# Issue to improve the documentation: https://github.com/aquasecurity/trivy/discussions/7552
 
 TriviJSONSchemaVersion1 = list[TrivyJSONResult]
 

components/collector/src/source_collectors/trivy/security_warnings.py

@@ -27,17 +27,19 @@ def _parse_json(self, json: JSON, filename: str) -> Entities:
             for vulnerability in result.get("Vulnerabilities") or []:
                 vulnerability_id = vulnerability["VulnerabilityID"]
                 package_name = vulnerability["PkgName"]
+                references = vulnerability.get("References", [])
+                url = references[0] if references else ""  # Assume the 1st link is at least as relevant as the others
                 entities.append(
                     Entity(
                         key=f"{vulnerability_id}@{package_name}@{target}",
                         vulnerability_id=vulnerability_id,
-                        title=vulnerability["Title"],
-                        description=vulnerability["Description"],
+                        title=vulnerability.get("Title", vulnerability_id),
+                        description=vulnerability.get("Description", ""),
                         level=vulnerability["Severity"],
                         package_name=package_name,
                         installed_version=vulnerability["InstalledVersion"],
                         fixed_version=vulnerability.get("FixedVersion", ""),
-                        url=vulnerability["References"][0],  # Assume the 1st link is at least as relevant as the others
+                        url=url,
                     ),
                 )
         return entities

components/collector/tests/source_collectors/trivy/base.py

@@ -53,6 +53,12 @@ def vulnerabilities_json(self, schema_version: int = 2):
                         "Severity": "LOW",
                         "References": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5432"],
                     },
+                    {
+                        "VulnerabilityID": "CVE-2025-6298",
+                        "PkgName": "This vulnerability has no optional fields",
+                        "InstalledVersion": "3.4.1",
+                        "Severity": "LOW",
+                    },
                 ],
             },
         ]

components/collector/tests/source_collectors/trivy/test_security_warnings.py

@@ -44,14 +44,25 @@ def expected_entities(self):
                 "fixed_version": "",
                 "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5432",
             },
+            {
+                "key": "CVE-2025-6298@This vulnerability has no optional fields@trivy-ci-test (alpine 3_7_1)",
+                "vulnerability_id": "CVE-2025-6298",
+                "title": "CVE-2025-6298",
+                "description": "",
+                "package_name": "This vulnerability has no optional fields",
+                "installed_version": "3.4.1",
+                "level": "LOW",
+                "fixed_version": "",
+                "url": "",
+            },
         ]
 
     async def test_warnings(self):
         """Test the number of security warnings."""
         for schema_version in self.SCHEMA_VERSIONS:
             with self.subTest(schema_version=schema_version):
                 response = await self.collect(get_request_json_return_value=self.vulnerabilities_json(schema_version))
-                self.assert_measurement(response, value="3", entities=self.expected_entities())
+                self.assert_measurement(response, value="4", entities=self.expected_entities())
 
     async def test_warning_levels(self):
         """Test the number of security warnings when specifying a level."""
@@ -75,4 +86,4 @@ async def test_fix_not_available(self):
         for schema_version in self.SCHEMA_VERSIONS:
             with self.subTest(schema_version=schema_version):
                 response = await self.collect(get_request_json_return_value=self.vulnerabilities_json(schema_version))
-                self.assert_measurement(response, value="2", entities=self.expected_entities()[1:])
+                self.assert_measurement(response, value="3", entities=self.expected_entities()[1:])

components/frontend/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:23.1.0-alpine3.20 AS compile-image
+FROM node:23.6.1-alpine3.20 AS compile-image
 
 WORKDIR /home/frontend
 COPY public /home/frontend/public
@@ -8,7 +8,7 @@ COPY .env /home/frontend
 RUN npm install --ignore-scripts && \
     npm run --ignore-scripts build
 
-FROM node:23.1.0-alpine3.20
+FROM node:23.6.1-alpine3.20
 
 LABEL maintainer="Quality-time team <quality-time@ictu.nl>"
 LABEL description="Quality-time frontend"