From d82fa9bd08a3168bf65a90aed7240c80319ad3fe Mon Sep 17 00:00:00 2001
From: Jonas Brand <101177682+8R0WNI3@users.noreply.github.com>
Date: Tue, 23 Jun 2026 11:03:51 +0200
Subject: [PATCH 1/3] fix(logging): Prevent logging of query paramters (#867)
Signed-off-by: Jonas Brand (8R0WNI3)
---
 src/app.py | 11 +++++++++++
 src/odg_client/__init__.py | 8 ++++++++
 2 files changed, 19 insertions(+)
diff --git a/src/app.py b/src/app.py
index d2db8847..09d79996 100755
--- a/src/app.py
+++ b/src/app.py
@@ -6,6 +6,7 @@ import os
 import aiohttp.web
+import aiohttp.web_log
 import aiohttp_swagger3
 import ci.log
@@ -473,6 +474,16 @@ async def run_app():
 print(f'listening at {host}:{port}')
 print()
+ def _format_r(request: aiohttp.web.BaseRequest, *args, **kwargs) -> str:
+ if request is None:
+ return '-'
+ # use `path` instead of `path_qs` to _not_ log query parameters
+ return (
+ f'{request.method} {request.path} HTTP/{request.version.major}.{request.version.minor}'
+ )
+
+ aiohttp.web_log.AccessLogger._format_r = _format_r
+
 runner = aiohttp.web.AppRunner(app)
 await runner.setup()
 await aiohttp.web.TCPSite(
diff --git a/src/odg_client/__init__.py b/src/odg_client/__init__.py
index 8ad0c117..ec8cb9b8 100644
--- a/src/odg_client/__init__.py
+++ b/src/odg_client/__init__.py
@@ -4,6 +4,7 @@ import logging
 import time
 import typing
+import urllib.parse
 import dacite
 import jwt as pyjwt
@@ -267,6 +268,13 @@ def _authenticate(self):
 f'{res.status_code=} {res.reason=} {res.content=}',
 )
+ parsed_url = urllib.parse.urlparse(res.url)
+ parsed_query = urllib.parse.parse_qs(parsed_url.query)
+ parsed_query['access_token'] = ('REDACTED',)
+ query = urllib.parse.urlencode(parsed_query, doseq=True)
+ url = res.url.split('?')[0]
+ res.url = f'{url}?{query}'
+
 res.raise_for_status()
 self._bearer_token = res.cookies.get(odg_client.jwt.JWT_KEY)
From 5483fcf98f41c538360ad3dba3c70f0536f9982c Mon Sep 17 00:00:00 2001
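Review bot: In the new `_format_r` inside `run_app` (src/app.py), `request.path` is, as far as I know, the percent-decoded path, while the `path_qs` it replaces is the encoded form, so an encoded CR or LF in a request path may now land in the access log as a literal line break. `request.rel_url.raw_path` would keep the query string out while leaving the path encoded. The override also replaces a private aiohttp attribute, so a rename in a later aiohttp release would silently bring query strings back into the log; a comment naming the aiohttp version this was checked against, or a startup check that `AccessLogger._format_r` exists before assigning, would surface that. If the default access-log format is in use, the `Referer` header is still logged and can carry query strings of its own. `run_app` begins and ends outside this hunk.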
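Review bot: The redaction added to `_authenticate` in src/odg_client/__init__.py rewrites only `res.url`; assuming `res` is a `requests.Response`, `res.request.url` and any redirect entries in `res.history` keep the original `access_token`, and the exception raised by `raise_for_status()` exposes them through its `response` attribute. The assignment is unconditional, so a URL without the parameter gains `access_token=REDACTED`, and `parse_qs` drops blank-valued parameters unless `keep_blank_values=True` is passed. Guarding with `if 'access_token' in parsed_query:` and rebuilding via `parsed_url._replace(query=query).geturl()` instead of `split('?')` would keep the rest of the URL intact. `_authenticate` starts and ends outside the hunk.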
From: Jonas Brand <101177682+8R0WNI3@users.noreply.github.com>
Date: Tue, 23 Jun 2026 11:09:15 +0200
Subject: [PATCH 2/3] fix(db): Prevent too large db query by filtering out SBOM artefacts (#868)
Signed-off-by: Jonas Brand (8R0WNI3)
---
 src/deliverydb/util.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/deliverydb/util.py b/src/deliverydb/util.py
index 29789dce..d514e975 100644
--- a/src/deliverydb/util.py
+++ b/src/deliverydb/util.py
@@ -167,6 +167,11 @@ async def artefact_queries(
 node_filter=ocm.iter.Filter.artefacts,
 recursion_depth=0,
 )
+ if artefact_node.artefact.type
+ not in (
+ 'application/vnd.cyclonedx+json',
+ 'application/spdx+json',
+ )
 ]
 else:
 # if no component version is specified, artefact specific querying must be
From adbc1bbffa80547e8716b83d955d5af9dd05695c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 23 Jun 2026 09:20:26 +0000
Subject: [PATCH 3/3] Upgrade odg client from 0.10.0 to 0.11.0
---
 ODG_CLIENT_VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ODG_CLIENT_VERSION b/ODG_CLIENT_VERSION
index 78bc1abd..d9df1bbc 100644
--- a/ODG_CLIENT_VERSION
+++ b/ODG_CLIENT_VERSION
@@ -1 +1 @@
-0.10.0
+0.11.0
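Review bot: The filter added to the comprehension in `artefact_queries` (src/deliverydb/util.py) hard-codes the two SBOM media types inline with no comment on why they are skipped, although the commit title gives the reason (query size). A module-level constant, e.g. `SBOM_ARTEFACT_TYPES = ('application/vnd.cyclonedx+json', 'application/spdx+json')`, with the comment `# SBOM artefacts are excluded to keep the db query bounded` would make the exclusion reusable and visible. The comparison is an exact string match, so any other SBOM type string would still be queried, and findings stored against the excluded artefacts are no longer returned by this branch; it is worth confirming that callers expect that. The function and the comprehension both start outside the hunk.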