Merge branch 'release/2.0.6'

cryptomator · Feb 5, 2024 · b02ef7a · b02ef7a
2 parents 1491800 + 6ab8829
commit b02ef7a
Show file tree

Hide file tree

Showing 7 changed files with 107 additions and 32 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,20 +3,30 @@ updates:
  - package-ecosystem: "maven"
  directory: "/"
  schedule:
- interval: "weekly"
- day: "monday"
- time: "06:00"
- timezone: "UTC"
+ interval: "monthly"
  groups:
- maven-dependencies:
+ maven-build-plugins:
+ patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ java-production-dependencies:
  patterns:
  - "*"
+ exclude-patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ - "org.junit.jupiter:*"
  ignore:
  # keep using Jetty 10.x (javax.*) instead of Jetty 11 (jakarta.*)
  - dependency-name: "org.eclipse.jetty:jetty-server"
- versions: ["11.x"]
+ update-types: ["version-update:semver-major"]
  - dependency-name: "org.eclipse.jetty:jetty-servlet"
- versions: ["11.x"]
+ update-types: ["version-update:semver-major"]
+
 
  - package-ecosystem: "github-actions"
  directory: "/" # even for `.github/workflows`

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -5,27 +5,26 @@ jobs:
  build:
  name: Build and Test
  runs-on: ubuntu-latest
- if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
  steps:
  - uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
  with:
- java-version: 17
+ java-version: 21
  distribution: 'temurin'
  cache: 'maven'
  - name: Ensure to use tagged version
  if: startsWith(github.ref, 'refs/tags/')
- run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+ run: mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
  - name: Build and Test
  id: buildAndTest
- run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
+ run: mvn -B clean install jacoco:report -Pcoverage
  - name: Upload code coverage report
  id: codacyCoverageReporter
  run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
  env:
  CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
  continue-on-error: true
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
  with:
  name: artifacts
  path: target/*.jar

diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
@@ -0,0 +1,63 @@
+name: OWASP Maven Dependency Check
+on:
+ schedule:
+ - cron: '0 13 * * 0'
+ push:
+ branches:
+ - 'release/**'
+ workflow_dispatch:
+
+
+jobs:
+ check-dependencies:
+ name: Check dependencies
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ show-progress: false
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: 'temurin'
+ cache: 'maven'
+ - name: Cache NVD DB
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository/org/owasp/dependency-check-data/
+ key: dependency-check-${{ github.run_id }}
+ restore-keys: |
+ dependency-check
+ env:
+ SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
+ - name: Run org.owasp:dependency-check plugin
+ id: dependency-check
+ continue-on-error: true
+ run: mvn -B validate -Pdependency-check
+ env:
+ NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+ - name: Upload report on failure
+ if: steps.dependency-check.outcome == 'failure'
+ uses: actions/upload-artifact@v4
+ with:
+ name: dependency-check-report
+ path: target/dependency-check-report.html
+ if-no-files-found: error
+ - name: Slack Notification on regular check
+ if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+ SLACK_USERNAME: 'Cryptobot'
+ SLACK_ICON: false
+ SLACK_ICON_EMOJI: ':bot:'
+ SLACK_CHANNEL: 'cryptomator-desktop'
+ SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+ SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
+ SLACK_FOOTER: false
+ MSG_MINIMAL: true
+ - name: Failing workflow on release branch
+ if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+ shell: bash
+ run: exit 1
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
@@ -13,9 +13,9 @@ jobs:
  - uses: actions/checkout@v4
  with:
  ref: "refs/tags/${{ github.event.inputs.tag }}"
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
  with:
- java-version: 17
+ java-version: 21
  distribution: 'temurin'
  cache: 'maven'
  server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml

diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
@@ -8,9 +8,9 @@ jobs:
  if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
  steps:
  - uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
  with:
- java-version: 17
+ java-version: 21
  distribution: 'temurin'
  cache: 'maven'
  gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import

diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,6 @@ test-output/
 .idea/compiler.xml
 .idea/jarRepositories.xml
 *.iml
+
+# Maven
+pom.xml.versionsBackup
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.cryptomator</groupId>
  <artifactId>webdav-nio-adapter</artifactId>
- <version>2.0.5</version>
+ <version>2.0.6</version>
  <name>WebDAV-NIO Adapter</name>
  <description>Embedded Jetty serving a WebDAV servlet to access resources at a given NIO path.</description>
  <url>https://github.com/cryptomator/webdav-nio-adapter</url>
@@ -20,16 +20,16 @@
 
  <!-- dependencies -->
  <integrations-api.version>1.3.0</integrations-api.version>
- <webdavservlet.version>1.2.4</webdavservlet.version>
- <jetty.version>10.0.17</jetty.version>
- <slf4j.version>2.0.9</slf4j.version>
+ <webdavservlet.version>1.2.5</webdavservlet.version>
+ <jetty.version>10.0.20</jetty.version>
+ <slf4j.version>2.0.11</slf4j.version>
 
  <!-- test dependencies -->
- <junit.jupiter.version>5.10.0</junit.jupiter.version>
+ <junit.jupiter.version>5.10.1</junit.jupiter.version>
 
  <!-- mvn plugin dependencies -->
- <dependency-check.version>8.4.0</dependency-check.version>
- <jacoco.version>0.8.10</jacoco.version>
+ <dependency-check.version>9.0.9</dependency-check.version>
+ <jacoco.version>0.8.11</jacoco.version>
  <nexus-staging.version>1.6.13</nexus-staging.version>
  <maven.deploy.version>3.1.1</maven.deploy.version>
  </properties>
@@ -82,7 +82,7 @@
  <dependency>
  <groupId>org.jetbrains</groupId>
  <artifactId>annotations</artifactId>
- <version>24.0.1</version>
+ <version>24.1.0</version>
  <scope>provided</scope>
  </dependency>
 
@@ -113,7 +113,7 @@
  <plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-compiler-plugin</artifactId>
- <version>3.11.0</version>
+ <version>3.12.1</version>
  <configuration>
  <release>${project.build.jdk}</release>
  <showWarnings>true</showWarnings>
@@ -122,7 +122,7 @@
  <plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-surefire-plugin</artifactId>
- <version>3.1.2</version>
+ <version>3.2.5</version>
  </plugin>
  <plugin>
  <groupId>org.apache.maven.plugins</groupId>
@@ -143,7 +143,7 @@
  </plugin>
  <plugin>
  <artifactId>maven-javadoc-plugin</artifactId>
- <version>3.6.0</version>
+ <version>3.6.3</version>
  <executions>
  <execution>
  <id>attach-javadocs</id>
@@ -166,19 +166,19 @@
  <artifactId>dependency-check-maven</artifactId>
  <version>${dependency-check.version}</version>
  <configuration>
- <cveValidForHours>24</cveValidForHours>
+ <nvdValidForHours>24</nvdValidForHours>
  <failBuildOnCVSS>0</failBuildOnCVSS>
  <skipTestScope>true</skipTestScope>
  <detail>true</detail>
- <suppressionFiles>
- <suppressionFile>suppression.xml</suppressionFile>
- </suppressionFiles>
+ <suppressionFile>suppression.xml</suppressionFile>
+ <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
  </configuration>
  <executions>
  <execution>
  <goals>
  <goal>check</goal>
  </goals>
+ <phase>validate</phase>
  </execution>
  </executions>
  </plugin>