From 02042a1dfe0116f20b7363aac34fbde535b481ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:27:08 +0000
Subject: [PATCH 01/22] Bump the maven-dependencies group with 1 update (#17)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 7cca0ac..31990ab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
5.10.0
- 5.5.0
+ 5.6.0
2.2
From 9161e3b4d4c92b5b8ed8bd1fe7b3932ffc736eca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 19:10:24 +0000
Subject: [PATCH 02/22] Bump org.owasp:dependency-check-maven from 8.4.0 to
8.4.2 (#21)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 31990ab..ed2ce27 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,7 +177,7 @@
org.owasp
dependency-check-maven
- 8.4.0
+ 8.4.2
24
6
From 3f60ea242a9b540459f47d9024d0937336914091 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 19:10:46 +0000
Subject: [PATCH 03/22] Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to
0.8.11 (#20)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ed2ce27..bbc0934 100644
--- a/pom.xml
+++ b/pom.xml
@@ -201,7 +201,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.10
+ 0.8.11
prepare-agent
From e2b94461ea43e6d64629833b23840ef89e2915d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 09:34:32 +0000
Subject: [PATCH 04/22] Bump the maven-dependencies group with 3 updates (#23)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index bbc0934..bc24d10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,8 +19,8 @@
4.0.1
- 2.21.19
- 32.1.2-jre
+ 2.21.20
+ 32.1.3-jre
2.0.9
@@ -128,7 +128,7 @@
maven-surefire-plugin
- 3.1.2
+ 3.2.1
org.apache.maven.plugins
From ddf21dc1fe3e17263121344dfe934a2ace12db4a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Nov 2023 10:00:54 +0000
Subject: [PATCH 05/22] Bump the maven-dependencies group with 2 updates (#24)
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index bc24d10..940bfaf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,8 +24,8 @@
2.0.9
- 5.10.0
- 5.6.0
+ 5.10.1
+ 5.7.0
2.2
From 5e0c57ae7a7a6c1d6868e2048fd0e7c630c1cec3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Nov 2023 20:40:34 +0000
Subject: [PATCH 06/22] Bump the maven-dependencies group with 3 updates (#27)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 940bfaf..a678574 100644
--- a/pom.xml
+++ b/pom.xml
@@ -128,7 +128,7 @@
maven-surefire-plugin
- 3.2.1
+ 3.2.2
org.apache.maven.plugins
@@ -156,7 +156,7 @@
maven-javadoc-plugin
- 3.6.0
+ 3.6.2
attach-javadocs
@@ -177,7 +177,7 @@
org.owasp
dependency-check-maven
- 8.4.2
+ 8.4.3
24
6
From 30f8a251d54e1399bbf8b4cae2d3ce7d32f5a874 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Tue, 12 Dec 2023 15:35:22 +0100
Subject: [PATCH 07/22] update dependabot file
---
.github/dependabot.yml | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 505ccc1..0204850 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,14 +3,31 @@ updates:
- package-ecosystem: "maven"
directory: "/"
schedule:
- interval: "weekly"
- day: "monday"
- time: "06:00"
- timezone: "UTC"
+ interval: "monthly"
groups:
- maven-dependencies:
+ java-test-dependencies:
+ patterns:
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ - "org.hamcrest:*"
+ maven-build-plugins:
+ patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ java-production-dependencies:
patterns:
- "*"
+ exclude-patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ - "org.hamcrest:*"
+
- package-ecosystem: "github-actions"
directory: "/" # even for `.github/workflows`
From 7d9827e56d847c76e87be15cc878e8366fbcb763 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Tue, 12 Dec 2023 15:38:55 +0100
Subject: [PATCH 08/22] update dependecy-check to 9.0.4 and refactor it to own
workflow
---
.github/workflows/build.yml | 4 +-
.github/workflows/dependency-check.yml | 54 ++++++++++++++++++++++++++
pom.xml | 7 +++-
3 files changed, 61 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/dependency-check.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1b156fa..ef7454d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,10 +15,10 @@ jobs:
cache: 'maven'
- name: Ensure to use tagged version
if: startsWith(github.ref, 'refs/tags/')
- run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+ run: mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
- name: Build and Test
id: buildAndTest
- run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
+ run: mvn -B clean install jacoco:report -Pcoverage
- uses: actions/upload-artifact@v3
with:
name: artifacts
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
new file mode 100644
index 0000000..ae2ab3f
--- /dev/null
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,54 @@
+name: OWASP Maven Dependency Check
+on:
+ schedule:
+ - cron: '0 7 * * 0'
+ push:
+ branches:
+ - 'release/**'
+ workflow_dispatch:
+
+
+jobs:
+ check-dependencies:
+ name: Check dependencies
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ show-progress: false
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: 11
+ cache: 'maven'
+ - name: Run org.owasp:dependency-check plugin
+ id: dependency-check
+ continue-on-error: true
+ run: mvn -B verify -Pdependency-check -DskipTests
+ env:
+ NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+ - name: Upload report on failure
+ if: steps.dependency-check.outcome == 'failure'
+ uses: actions/upload-artifact@v3
+ with:
+ name: dependency-check-report
+ path: target/dependency-check-report.html
+ if-no-files-found: error
+ - name: Slack Notification on regular check
+ if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+ SLACK_USERNAME: 'Cryptobot'
+ SLACK_ICON: false
+ SLACK_ICON_EMOJI: ':bot:'
+ SLACK_CHANNEL: 'cryptomator-desktop'
+ SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+ SLACK_MESSAGE: "Download the for more details."
+ SLACK_FOOTER: false
+ MSG_MINIMAL: true
+ - name: Failing workflow on release branch
+ if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+ shell: bash
+ run: exit 1
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index a678574..0b2f1d0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,6 +27,9 @@
5.10.1
5.7.0
2.2
+
+
+ 9.0.4
@@ -177,10 +180,10 @@
org.owasp
dependency-check-maven
- 8.4.3
+ ${dependency-check.version}
- 24
6
+ ${env.NVD_API_KEY}
From 377cfb3ceddeb50fe6907a2a1b6a5ccc92b42c7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:10:54 +0000
Subject: [PATCH 09/22] Bump the java-test-dependencies group with 1 update
(#32)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 0b2f1d0..f809f82 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
5.10.1
- 5.7.0
+ 5.8.0
2.2
From 126b0dfd7cebe04c8c92971b7fb9d9cf17f7bdcd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:11:11 +0000
Subject: [PATCH 10/22] Bump the github-actions group with 1 update (#29)
---
.github/workflows/build.yml | 2 +-
.github/workflows/publish-central.yml | 2 +-
.github/workflows/publish-github.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ef7454d..d4ba718 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,7 +8,7 @@ jobs:
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 22333fe..54681aa 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -13,7 +13,7 @@ jobs:
- uses: actions/checkout@v4
with:
ref: "refs/tags/${{ github.event.inputs.tag }}"
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index c6e4bad..d72d74c 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -8,7 +8,7 @@ jobs:
if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
From 8ebb68b0e27c3f78c02d46d6bf8e3ad5fca106be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:11:22 +0000
Subject: [PATCH 11/22] Bump the maven-build-plugins group with 1 update (#33)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index f809f82..380f4c5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -159,7 +159,7 @@
maven-javadoc-plugin
- 3.6.2
+ 3.6.3
attach-javadocs
From daade8814bc08393c3c0f1700f6f111577371b79 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 13 Dec 2023 16:21:25 +0100
Subject: [PATCH 12/22] use separate cache for dependency-cache data
---
.github/workflows/dependency-check.yml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index ae2ab3f..f22b30c 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -22,6 +22,15 @@ jobs:
distribution: 'temurin'
java-version: 11
cache: 'maven'
+ - name: Cache NVD DB
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2/repository/org/owasp/dependency-check-data/
+ key: dependency-check-${{ github.run_id }}
+ restore-keys: |
+ dependency-check
+ env:
+ SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
- name: Run org.owasp:dependency-check plugin
id: dependency-check
continue-on-error: true
From 6702982701e9638a07bee8984289120eed49650c Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 13 Dec 2023 16:21:50 +0100
Subject: [PATCH 13/22] adjust dependency check plugin
---
.github/workflows/dependency-check.yml | 2 +-
pom.xml | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index f22b30c..10172f3 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -34,7 +34,7 @@ jobs:
- name: Run org.owasp:dependency-check plugin
id: dependency-check
continue-on-error: true
- run: mvn -B verify -Pdependency-check -DskipTests
+ run: mvn -B validate -Pdependency-check
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- name: Upload report on failure
diff --git a/pom.xml b/pom.xml
index 380f4c5..b57e53f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,10 @@
dependency-check-maven
${dependency-check.version}
+ 24
6
+ true
+ true
${env.NVD_API_KEY}
@@ -190,6 +193,7 @@
check
+ validate
From 4512d23ac4e66f0eebbad4cfa863f145c5a4d2d4 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Mon, 18 Dec 2023 10:53:07 +0100
Subject: [PATCH 14/22] Update dependency-check.yml
to not run into 403 due to rate limit
---
.github/workflows/dependency-check.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 10172f3..95dbb37 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -1,7 +1,7 @@
name: OWASP Maven Dependency Check
on:
schedule:
- - cron: '0 7 * * 0'
+ - cron: '0 15 * * 0'
push:
branches:
- 'release/**'
@@ -60,4 +60,4 @@ jobs:
- name: Failing workflow on release branch
if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
shell: bash
- run: exit 1
\ No newline at end of file
+ run: exit 1
From d768bb8982242cc0153694c0f9143f7b099fa480 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jan 2024 08:43:37 +0000
Subject: [PATCH 15/22] Bump org.owasp:dependency-check-maven from 9.0.4 to
9.0.6 (#38)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b57e53f..a0b44b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
2.2
- 9.0.4
+ 9.0.6
From 78fc18d4d729723d487c1b8804de01ebf7ec5dfc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 09:15:36 +0000
Subject: [PATCH 16/22] Bump the maven-build-plugins group with 3 updates (#39)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index a0b44b7..e6effe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
2.2
- 9.0.6
+ 9.0.9
@@ -123,7 +123,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.11.0
+ 3.12.1
11
true
@@ -131,7 +131,7 @@
maven-surefire-plugin
- 3.2.2
+ 3.2.5
org.apache.maven.plugins
From 6e317b9b37164ef2bfbe5e565d402ad353dff10e Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Fri, 2 Feb 2024 10:23:16 +0100
Subject: [PATCH 17/22] Update CI to JDK 21
excluding dependency-check
---
.github/workflows/build.yml | 2 +-
.github/workflows/publish-central.yml | 2 +-
.github/workflows/publish-github.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d4ba718..a715750 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
- java-version: 11
+ java-version: 21
distribution: 'temurin'
cache: 'maven'
- name: Ensure to use tagged version
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 54681aa..afabe60 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -15,7 +15,7 @@ jobs:
ref: "refs/tags/${{ github.event.inputs.tag }}"
- uses: actions/setup-java@v4
with:
- java-version: 11
+ java-version: 21
distribution: 'temurin'
cache: 'maven'
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index d72d74c..be60dec 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -10,7 +10,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
- java-version: 11
+ java-version: 21
distribution: 'temurin'
cache: 'maven'
gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
From 3d8a8918b6db64eb7b61e70565a39b62929e11ed Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Fri, 2 Feb 2024 10:23:36 +0100
Subject: [PATCH 18/22] clean up build-workflow
---
.github/workflows/build.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a715750..91c095c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,7 +5,6 @@ jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
- if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
From 2610f1d45e2015dcf247d153537387f3351c4078 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Feb 2024 09:25:22 +0000
Subject: [PATCH 19/22] Bump the java-test-dependencies group with 1 update
(#43)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e6effe7..af8a4d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
5.10.1
- 5.8.0
+ 5.10.0
2.2
From 3f49f0a55d667e82ea7b749fa382a196364a9827 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 13:30:25 +0000
Subject: [PATCH 20/22] Bump the github-actions group with 2 updates (#41)
---
.github/workflows/build.yml | 2 +-
.github/workflows/dependency-check.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 91c095c..2aeed78 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
- name: Build and Test
id: buildAndTest
run: mvn -B clean install jacoco:report -Pcoverage
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
with:
name: artifacts
path: target/*.jar
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 95dbb37..e0b77ac 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -23,7 +23,7 @@ jobs:
java-version: 11
cache: 'maven'
- name: Cache NVD DB
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: ~/.m2/repository/org/owasp/dependency-check-data/
key: dependency-check-${{ github.run_id }}
@@ -39,7 +39,7 @@ jobs:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- name: Upload report on failure
if: steps.dependency-check.outcome == 'failure'
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: dependency-check-report
path: target/dependency-check-report.html
From 17d09828bee99a7f1ad9b5028d582a4170d0b042 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 13:38:30 +0000
Subject: [PATCH 21/22] Bump the java-production-dependencies group with 4
updates (#42)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index af8a4d9..b878c99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,9 +19,9 @@
4.0.1
- 2.21.20
- 32.1.3-jre
- 2.0.9
+ 2.21.22
+ 33.0.0-jre
+ 2.0.11
5.10.1
From 8eb8c383043a2c9a50bbbb7c924cb76b2816322c Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Mon, 5 Feb 2024 14:50:13 +0100
Subject: [PATCH 22/22] prepare 1.2.5
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b878c99..07fd6bf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
org.cryptomator
webdav-nio-adapter-servlet
- 1.2.4
+ 1.2.5
WebDAV-NIO Adapter Servlet
Servlet serving NIO directory contents as WebDAV resources.
https://github.com/cryptomator/webdav-nio-adapter-servlet