Merged
Conversation
Signed-off-by: nscuro <nscuro@protonmail.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the repository’s Postgres schema snapshot (schema.sql) to reflect recent database changes, and removes legacy Java model artifacts related to the old vulnerability alias representation.
Changes:
- Refresh
schema.sqlwith updated procedures, tables/indexes, and the newVULNERABILITY_ALIAS-based aliasing model. - Adjust
clone_projectimplementation details (constraint deferral andIS_LATESTupdates timing). - Remove the deprecated
VulnerabilityAliasmodel and the transientaliasesfield fromVulnerability.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| commons-persistence/src/main/resources/schema.sql | Updates schema snapshot: procedures, clone logic adjustments, new tables, alias model/table migration, and refreshed partitions/indexes/constraints. |
| commons-persistence/src/main/java/org/dependencytrack/persistence/model/VulnerabilityAlias.java | Removes legacy JPA model for VULNERABILITYALIAS. |
| commons-persistence/src/main/java/org/dependencytrack/persistence/model/Vulnerability.java | Removes now-unused transient aliases property accessors. |
Comments suppressed due to low confidence (2)
commons-persistence/src/main/resources/schema.sql:482
SET CONSTRAINTS ALL DEFERREDchanges constraint checking mode for the remainder of the surrounding transaction (not just inside this function). Ifclone_projectis called from a larger transaction, this can unintentionally defer FK checks for unrelated work after the call. Consider resetting toSET CONSTRAINTS ALL IMMEDIATEbefore returning, or otherwise ensuring/ documenting thatclone_projectis always executed in its own transaction.
-- Defer checking of FK constraints to commit time.
-- We want clones to be atomic, but due to the multiple tables
-- with FKs being involved, that has a potential for lock contention.
SET CONSTRAINTS ALL DEFERRED;
commons-persistence/src/main/resources/schema.sql:2973
- The init script hard-codes a single daily partition for
DEPENDENCYMETRICS/PROJECTMETRICSwith a fixed timestamp range. Since thisschema.sqlis used to initialize test/dev Postgres instances, these partitions will become stale quickly and inserts may fail once timestamps fall outside the covered range. Consider adding a DEFAULT partition (or a wider initial range) in the init script, or generating/attaching partitions dynamically during startup instead of baking specific dates into the schema snapshot.
ALTER TABLE ONLY public."DEPENDENCYMETRICS" ATTACH PARTITION public."DEPENDENCYMETRICS_20260226" FOR VALUES FROM ('2026-02-25 23:00:00+00') TO ('2026-02-26 23:00:00+00');
ALTER TABLE ONLY public."PROJECTMETRICS" ATTACH PARTITION public."PROJECTMETRICS_20260226" FOR VALUES FROM ('2026-02-25 23:00:00+00') TO ('2026-02-26 23:00:00+00');
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Update DB schema with recent changes.
Addressed Issue
N/A
Additional Details
N/A
Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR implements an enhancement, and I have provided tests to verify that it works as intendedThis PR introduces changes to the database model, and I have updated the migration changelog accordinglyThis PR introduces new or alters existing behavior, and I have updated the documentation accordingly