Fixed vulnerability CVE-2023-42503 (#35)

* Fixed vulnerability CVE-2023-42503
* Fixed test

Co-authored-by: Christoph Pirkl <[email protected]>

.gitattributes

@@ -1,16 +1,12 @@
 *.sh    text eol=lf
 *.bat   text eol=crlf
-
-pk_generated_parent.pom  linguist-generated=true
-dependencies.md          linguist-generated=true
-doc/changes/changelog.md linguist-generated=true
-
+pk_generated_parent.pom                                       linguist-generated=true
+dependencies.md                                               linguist-generated=true
+doc/changes/changelog.md                                      linguist-generated=true
 .github/workflows/broken_links_checker.yml                    linguist-generated=true
 .github/workflows/ci-build-next-java.yml                      linguist-generated=true
-.github/workflows/ci-build.yml                                linguist-generated=true
 .github/workflows/dependencies_check.yml                      linguist-generated=true
-.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
 .github/workflows/release_droid_print_quick_checksum.yml      linguist-generated=true
-
-.settings/org.eclipse.jdt.core.prefs linguist-generated=true
-.settings/org.eclipse.jdt.ui.prefs   linguist-generated=true
+.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
+.settings/org.eclipse.jdt.core.prefs                          linguist-generated=true
+.settings/org.eclipse.jdt.ui.prefs                            linguist-generated=true

.github/workflows/ci-build.yml

@@ -12,9 +12,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        docker_db_version: ["7.1.22", "8.22.0"]
+        docker_db_version: ["7.1.23", "8.23.0"]
     env:
-      DEFAULT_DB_VERSION: "7.1.22"
+      DEFAULT_DB_VERSION: "8.23.0"
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.docker_db_version }}
       cancel-in-progress: true
@@ -24,7 +24,7 @@ jobs:
           sudo rm -rf /usr/local/lib/android
           sudo rm -rf /usr/share/dotnet
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up JDK 11 & 17
@@ -45,7 +45,8 @@ jobs:
         run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
       - name: Run tests and build with Maven
         run: |
-          JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode clean verify \
+          JAVA_HOME=$JAVA_HOME_11_X64 \
+              mvn --batch-mode clean verify \
               -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
               -DtrimStackTrace=false
       - name: Publish Test Report
@@ -56,7 +57,8 @@ jobs:
       - name: Sonar analysis
         if: ${{ env.SONAR_TOKEN != null && env.DEFAULT_DB_VERSION == matrix.docker_db_version }}
         run: |
-          JAVA_HOME=$JAVA_HOME_17_X64 mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+          JAVA_HOME=$JAVA_HOME_17_X64 \
+              mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
               -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
               -DtrimStackTrace=false \
               -Dsonar.organization=exasol \

.gitignore

@@ -18,9 +18,10 @@ target
 dependency-reduced-pom.xml
 .project
 .classpath
-.settings/org.eclipse.jdt.apt.core.prefs
-.settings/org.eclipse.core.resources.prefs
-.settings/org.eclipse.m2e.core.prefs
+/.settings/org.eclipse.core.resources.prefs
+/.settings/org.eclipse.jdt.apt.core.prefs
+/.settings/org.eclipse.m2e.core.prefs
+/.settings/org.sonarlint.eclipse.core.prefs
 pom.xml.versionsBackup
 ~*
 *.orig

doc/changes/changes_1.1.4.md

@@ -0,0 +1,36 @@
+# Bucketfs Client 1.1.4, released 2023-10-25
+
+Code name: Dependency Upgrade
+
+## Summary
+
+This release fixes vulnerability CVE-2023-42503 in transitive test dependency to `org.apache.commons:commons-compress` via `exasol-testcontainers` by updating dependencies.
+
+## Security
+
+* #34: Fixed vulnerability CVE-2023-42503 in test dependency `org.apache.commons:commons-compress`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:bucketfs-java:3.1.0` to `3.1.1`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.2`
+* Updated `nl.jqno.equalsverifier:equalsverifier:3.15.1` to `3.15.2`
+* Updated `org.junit-pioneer:junit-pioneer:2.0.1` to `2.1.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.5.0` to `5.6.0`
+* Updated `org.slf4j:slf4j-jdk14:2.0.7` to `2.0.9`
+* Updated `org.testcontainers:junit-jupiter:1.19.0` to `1.19.1`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `1.3.1`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.11` to `2.9.14`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1`
+* Updated `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1` to `2.0.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.1`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594`