Add upgrade notes for 0.7.0-alpha.7-9 (#103)

* Add upgrade notes for 0.7.0-alpha.7-9

Signed-off-by: nscuro <nscuro@protonmail.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Niklas <nscuro@protonmail.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Niklas <nscuro@protonmail.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Niklas <nscuro@protonmail.com>

---------

Signed-off-by: nscuro <nscuro@protonmail.com>
Signed-off-by: Niklas <nscuro@protonmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: nscuro

docs/guides/upgrading/.pages

@@ -1,6 +1,9 @@
 title: Upgrade guides
 nav:
   - index.md
+  - v0.7.0-alpha.9.md
+  - v0.7.0-alpha.8.md
+  - v0.7.0-alpha.7.md
   - v0.7.0-alpha.6.md
   - v0.7.0-alpha.5.md
   - v0.7.0-alpha.4.md

docs/guides/upgrading/v0.7.0-alpha.7.md

@@ -0,0 +1,3 @@
+# Upgrading to v0.7.0-alpha.7
+
+No breaking changes, and no manual steps required.

docs/guides/upgrading/v0.7.0-alpha.8.md

@@ -0,0 +1,8 @@
+# Upgrading to v0.7.0-alpha.8
+
+* **Removed `PROJECT_VULN_ANALYSIS_COMPLETE` notifications**. Their model is suboptimal and their content
+  expensive to produce. Since they were never configurable via UI, this release removes them. A similar capability
+  may be reintroduced in a future release, based on user demand.
+* **Java baseline raised to 25**. Java 25 is now required to build and run the app. Official container
+  images shipped with Java 25 since September 2025. This change only affects users who build the app
+  from source or assemble custom container images.

docs/guides/upgrading/v0.7.0-alpha.9.md

@@ -0,0 +1,29 @@
+# Upgrading to v0.7.0-alpha.9
+
+* **Removed `componentMetaInformation` fields from `/api/v1/component/*` endpoints**. The data (publish timestamp,
+  hashes from repositories) is now available as `package_metadata` and `package_artifact_metadata` in `/api/v2/components`.
+  Refer to the [API v2 OpenAPI spec][openapi-v2] for details.
+* **Introduced `expand`-able fields in API v2**. Certain fields are now excluded from responses by default, but can be
+  expanded using the `expand` query parameter. This impacts the `/api/v2/components` and `/api/v2/projects/{uuid}/components`
+  endpoints, where `metrics` and `occurrence_count` must be explicitly expanded going forward.
+  Refer to the [API v2 OpenAPI spec][openapi-v2] for details.
+* **Removed LDAP synchronization job**. The LDAP integration no longer asynchronously synchronizes users and team
+  memberships. Instead, synchronization happens ad-hoc when users successfully log in. This matches the behavior of
+  the OIDC integration.
+* **Simplified configuration surface of scheduled tasks**. The following configuration properties are no longer used:
+    * `(alpine|dt).worker.threads`
+    * `(alpine|dt).worker.thread.multiplier`
+    * `(alpine|dt).worker.pool.drain.timeout.duration`
+    * `dt.task.internal.component.identification.lock.max.duration`
+    * `dt.task.internal.component.identification.lock.min.duration`
+    * `dt.task.vulnerability.analysis.lock.max.duration`
+    * `dt.task.vulnerability.analysis.lock.min.duration`
+    * `dt.task.epss.mirror.lock.max.duration`
+    * `dt.task.epss.mirror.lock.min.duration`
+    * `dt.task.internal.component.identification.cron`
+    * `dt.task.metrics.maintenance.lock.max.duration`
+    * `dt.task.metrics.maintenance.lock.min.duration`
+* **Added support for rejected / withdrawn vulnerabilities**. The internal analyzer no longer reports vulnerabilities
+  rejected or withdrawn by their source. The UI now shows a *Rejected* badge for such vulnerabilities.
+
+[openapi-v2]: ../../reference/api/v2.md