
Upgrading to v0.7.0-alpha.9

  • Removed componentMetaInformation fields from /api/v1/component/* endpoints. The data (publish timestamp, hashes from repositories) is now available as package_metadata and package_artifact_metadata in /api/v2/components. Refer to the API v2 OpenAPI spec for details.
  • Introduced expandable fields in API v2. Certain fields are now excluded from responses by default, but can be expanded using the expand query parameter. This impacts the /api/v2/components and /api/v2/projects/{uuid}/components endpoints, where metrics and occurrence_count must be explicitly expanded going forward. Refer to the API v2 OpenAPI spec for details.
  • Removed LDAP synchronization job. The LDAP integration no longer asynchronously synchronizes users and team memberships. Instead, synchronization happens ad-hoc when users successfully log in. This matches the behavior of the OIDC integration.
  • Simplified configuration surface of scheduled tasks. The following configuration properties are no longer used:
    • (alpine|dt).worker.threads
    • (alpine|dt).worker.thread.multiplier
    • (alpine|dt).worker.pool.drain.timeout.duration
    • dt.task.internal.component.identification.lock.max.duration
    • dt.task.internal.component.identification.lock.min.duration
    • dt.task.vulnerability.analysis.lock.max.duration
    • dt.task.vulnerability.analysis.lock.min.duration
    • dt.task.epss.mirror.lock.max.duration
    • dt.task.epss.mirror.lock.min.duration
    • dt.task.internal.component.identification.cron
    • dt.task.metrics.maintenance.lock.max.duration
    • dt.task.metrics.maintenance.lock.min.duration
  • Added support for rejected / withdrawn vulnerabilities. The internal analyzer no longer reports vulnerabilities rejected or withdrawn by their source. The UI now shows a Rejected badge for such vulnerabilities.
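
A pre-upgrade check for the scheduled-task properties listed above, as an added example (not part of the project or of these release notes): it scans Java-properties-style text and reports keys that are no longer used. The function name and the sample input are constructed for illustration; environment-variable forms of these settings are not covered.

```python
import re

# Property names copied from the list above; "(alpine|dt)" is treated as an alternation.
REMOVED = """
(alpine|dt).worker.threads
(alpine|dt).worker.thread.multiplier
(alpine|dt).worker.pool.drain.timeout.duration
dt.task.internal.component.identification.lock.max.duration
dt.task.internal.component.identification.lock.min.duration
dt.task.vulnerability.analysis.lock.max.duration
dt.task.vulnerability.analysis.lock.min.duration
dt.task.epss.mirror.lock.max.duration
dt.task.epss.mirror.lock.min.duration
dt.task.internal.component.identification.cron
dt.task.metrics.maintenance.lock.max.duration
dt.task.metrics.maintenance.lock.min.duration
""".split()
_REMOVED_RE = re.compile("|".join(p.replace(".", r"\.") for p in REMOVED))
# A key starts a non-comment line and ends at '=', ':' or whitespace.
_KEY_RE = re.compile(r"^\s*([^#!\s=:][^\s=:]*)")

def _odd_trailing_backslashes(line):
    return (len(line) - len(line.rstrip("\\"))) % 2 == 1

def find_removed_properties(text):
    """Return [(line_number, key)] for keys that are no longer used."""
    hits, in_value = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Lines that continue a previous value are never parsed as keys.
        m = None if in_value else _KEY_RE.match(line)
        # Comment lines never continue; key or value lines do on a trailing backslash.
        in_value = (in_value or m is not None) and _odd_trailing_backslashes(line)
        if m and _REMOVED_RE.fullmatch(m.group(1)):
            hits.append((lineno, m.group(1)))
    return hits

# Constructed sample input, not a real deployment configuration.
SAMPLE = r"""# constructed sample
dt.worker.threads=4
alpine.worker.thread.multiplier = 2
# dt.task.epss.mirror.lock.max.duration=PT15M
dt.task.vulnerability.analysis.lock.min.duration: PT90S
dt.worker.threads.extra=1
example.list=a,\
    dt.worker.threads
"""

if __name__ == "__main__":
    for lineno, key in find_removed_properties(SAMPLE):
        print(f"line {lineno}: {key} is no longer used")
```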