From abcb8e6fe921da0b302817621ccae27d0fca9c7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 09:34:56 +0000
Subject: [PATCH 01/20] Bump the maven-dependencies group with 3 updates (#30)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 65b123e..64ecaec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
5.6.0
- 8.4.0
+ 8.4.2
1.6.13
@@ -106,7 +106,7 @@
org.apache.maven.plugins
maven-clean-plugin
- 3.3.1
+ 3.3.2
@@ -180,7 +180,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.1.2
+ 3.2.1
maven-source-plugin
From 182250d5a635ef34fa43d87012332b91056b1f1f Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Tue, 28 Nov 2023 19:04:00 +0100
Subject: [PATCH 02/20] reduce and split up dependency update check
---
.github/dependabot.yml | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 505ccc1..4ed5c98 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,15 +3,31 @@ updates:
- package-ecosystem: "maven"
directory: "/"
schedule:
- interval: "weekly"
+ interval: "monthly"
day: "monday"
time: "06:00"
- timezone: "UTC"
+ timezone: "Etc/UTC"
groups:
- maven-dependencies:
+ java-test-dependencies:
+ patterns:
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ maven-build-plugins:
+ patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ - "org.codehaus.mojo:exec-maven-plugin"
+ java-production-dependencies:
patterns:
- "*"
-
+ exclude-patterns:
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ - "org.apache.maven.plugins:*"
+ - "org.owasp:dependency-check-maven"
+ - "org.sonatype.plugins:nexus-staging-maven-plugin"
+ - "org.codehaus.mojo:exec-maven-plugin"
- package-ecosystem: "github-actions"
directory: "/" # even for `.github/workflows`
schedule:
From 75571bc6565b9d02d7a5246f30a8d9c01a985be8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 29 Nov 2023 15:11:24 +0000
Subject: [PATCH 03/20] Bump the java-test-dependencies group with 2 updates
(#42)
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 64ecaec..8047c0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,8 +42,8 @@
2.15.3
- 5.10.0
- 5.6.0
+ 5.10.1
+ 5.7.0
8.4.2
From a454af9309671ddc65ed512b56fbc43319fbbd73 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 29 Nov 2023 15:12:30 +0000
Subject: [PATCH 04/20] Bump the java-production-dependencies group with 2
updates (#44)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 8047c0d..f690f7d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -39,7 +39,7 @@
1.3.0
2.0.9
- 2.15.3
+ 2.16.0
5.10.1
From 84b4f35aa0cea64ebe46a4859287e9b2eda1c5e2 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 29 Nov 2023 16:47:29 +0100
Subject: [PATCH 05/20] deactivate codeql on dependabot commits
---
.github/workflows/codeql-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 12a5e8f..f07db0e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -17,7 +17,7 @@ jobs:
analyse:
name: Analyse
runs-on: windows-latest
- if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+ if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
steps:
- uses: actions/checkout@v4
with:
From 115c057a4b6619eb77dbb16075ed25690edc70cc Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Tue, 12 Dec 2023 15:47:54 +0100
Subject: [PATCH 06/20] migrate to new IDE default
---
.idea/misc.xml | 1 -
.idea/modules.xml | 8 --------
2 files changed, 9 deletions(-)
delete mode 100644 .idea/modules.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
index a8fc129..f2fb311 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,4 +1,3 @@
-
diff --git a/.idea/modules.xml b/.idea/modules.xml
deleted file mode 100644
index 8cbf3d6..0000000
--- a/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
-
-
\ No newline at end of file
From f4640976e70411c1033a5cc84b0e68bd369939e2 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Tue, 12 Dec 2023 15:48:27 +0100
Subject: [PATCH 07/20] update dependecy-check to 9.0.4 and refactor it to own
workflow
---
.github/workflows/build.yml | 4 +-
.github/workflows/dependency-check.yml | 54 ++++++++++++++++++++++++++
pom.xml | 4 +-
3 files changed, 58 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/dependency-check.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 846b4ee..ca409f7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,10 +21,10 @@ jobs:
- name: Ensure to use tagged version
if: startsWith(github.ref, 'refs/tags/')
shell: bash
- run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+ run: mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
- name: Build and Test
id: buildAndTest
- run: mvn -B clean test -Pdependency-check
+ run: mvn -B clean test
- name: Codesign DLL on release
if: startsWith(github.ref, 'refs/tags/')
uses: skymatic/code-sign-action@v2
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
new file mode 100644
index 0000000..f0bfd71
--- /dev/null
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,54 @@
+name: OWASP Maven Dependency Check
+on:
+ schedule:
+ - cron: '0 7 * * 0'
+ push:
+ branches:
+ - 'release/**'
+ workflow_dispatch:
+
+
+jobs:
+ check-dependencies:
+ name: Check dependencies
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ show-progress: false
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: 17
+ cache: 'maven'
+ - name: Run org.owasp:dependency-check plugin
+ id: dependency-check
+ continue-on-error: true
+ run: mvn -B verify -Pdependency-check -DskipTests
+ env:
+ NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+ - name: Upload report on failure
+ if: steps.dependency-check.outcome == 'failure'
+ uses: actions/upload-artifact@v3
+ with:
+ name: dependency-check-report
+ path: target/dependency-check-report.html
+ if-no-files-found: error
+ - name: Slack Notification on regular check
+ if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+ SLACK_USERNAME: 'Cryptobot'
+ SLACK_ICON: false
+ SLACK_ICON_EMOJI: ':bot:'
+ SLACK_CHANNEL: 'cryptomator-desktop'
+ SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+ SLACK_MESSAGE: "Download the for more details."
+ SLACK_FOOTER: false
+ MSG_MINIMAL: true
+ - name: Failing workflow on release branch
+ if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+ shell: bash
+ run: exit 1
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index f690f7d..1742c8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
5.7.0
- 8.4.2
+ 9.0.4
1.6.13
@@ -248,12 +248,12 @@
dependency-check-maven
${dependency-check.version}
- 24
0
true
true
suppression.xml
false
+ ${env.NVD_API_KEY}
From e5f7bb5415176b7c3e90b570dce9c6042bb83d69 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:12:54 +0000
Subject: [PATCH 08/20] Bump the maven-build-plugins group with 3 updates (#46)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1742c8b..608ffe2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,7 +180,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.2.1
+ 3.2.2
maven-source-plugin
@@ -196,7 +196,7 @@
maven-javadoc-plugin
- 3.6.0
+ 3.6.3
attach-javadocs
@@ -279,7 +279,7 @@
org.codehaus.mojo
exec-maven-plugin
- 3.1.0
+ 3.1.1
From 8192d40c72a1b642da9f3d403758b9fa2d6f7301 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:13:06 +0000
Subject: [PATCH 09/20] Bump the github-actions group with 1 update (#45)
---
.github/workflows/build.yml | 2 +-
.github/workflows/codeql-analysis.yml | 2 +-
.github/workflows/publish-central.yml | 2 +-
.github/workflows/publish-github.yml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ca409f7..8c1a84b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,7 +13,7 @@ jobs:
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f07db0e..abe4825 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -22,7 +22,7 @@ jobs:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 2d6097c..8f4b440 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -18,7 +18,7 @@ jobs:
- uses: actions/checkout@v4
with:
ref: "refs/tags/${{ github.event.inputs.tag }}"
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index f807715..9c2d18d 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -13,7 +13,7 @@ jobs:
if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
steps:
- uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
From 03dfa1dc525d45de06fc4f6e57640b54b319db7e Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 13 Dec 2023 10:38:06 +0100
Subject: [PATCH 10/20] use correct runner and bin dependency-check:check goal
to validate phase
---
.github/workflows/dependency-check.yml | 4 ++--
pom.xml | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index f0bfd71..85fe168 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -11,7 +11,7 @@ on:
jobs:
check-dependencies:
name: Check dependencies
- runs-on: ubuntu-latest
+ runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
@@ -25,7 +25,7 @@ jobs:
- name: Run org.owasp:dependency-check plugin
id: dependency-check
continue-on-error: true
- run: mvn -B verify -Pdependency-check -DskipTests
+ run: mvn -B validate -Pdependency-check
env:
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- name: Upload report on failure
diff --git a/pom.xml b/pom.xml
index 608ffe2..0099bf3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -260,6 +260,7 @@
check
+ validate
From dbb27466fc6ac1b27ec4ff0d6b322e8b15f1c3c8 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 13 Dec 2023 16:53:13 +0100
Subject: [PATCH 11/20] use separate cache for dependency-cache data
---
.github/workflows/dependency-check.yml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 85fe168..0bed507 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -22,6 +22,15 @@ jobs:
distribution: 'temurin'
java-version: 17
cache: 'maven'
+ - name: Cache NVD DB
+ uses: actions/cache@v3
+ with:
+ path: ~/.m2/repository/org/owasp/dependency-check-data/
+ key: dependency-check-${{ github.run_id }}
+ restore-keys: |
+ dependency-check
+ env:
+ SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
- name: Run org.owasp:dependency-check plugin
id: dependency-check
continue-on-error: true
From ec5c182f452e4fee0d789ac552b19811b486c2f3 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 13 Dec 2023 16:53:30 +0100
Subject: [PATCH 12/20] adjust dependency check plugin
---
pom.xml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0099bf3..df7ec10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -248,19 +248,20 @@
dependency-check-maven
${dependency-check.version}
+ 24
0
true
true
- suppression.xml
- false
- ${env.NVD_API_KEY}
+ suppression.xml
+ false
+ ${env.NVD_API_KEY}
check
- validate
+ validate
From b1a85b321068eb6d7a2aec9c272e2ee05a175154 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Mon, 18 Dec 2023 10:53:37 +0100
Subject: [PATCH 13/20] Update dependency-check.yml
to not run into 403 due to rate limit
---
.github/workflows/dependency-check.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 0bed507..6117013 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -1,7 +1,7 @@
name: OWASP Maven Dependency Check
on:
schedule:
- - cron: '0 7 * * 0'
+ - cron: '0 16 * * 0'
push:
branches:
- 'release/**'
@@ -60,4 +60,4 @@ jobs:
- name: Failing workflow on release branch
if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
shell: bash
- run: exit 1
\ No newline at end of file
+ run: exit 1
From a0e9ff3c5028ee4430957832d5eb793127970b93 Mon Sep 17 00:00:00 2001
From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com>
Date: Mon, 15 Jan 2024 16:37:05 +0100
Subject: [PATCH 14/20] Externalized dependency-check
---
.github/workflows/dependency-check.yml | 59 ++++----------------------
1 file changed, 8 insertions(+), 51 deletions(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 6117013..e161568 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -10,54 +10,11 @@ on:
jobs:
check-dependencies:
- name: Check dependencies
- runs-on: windows-latest
- steps:
- - uses: actions/checkout@v4
- with:
- show-progress: false
- - name: Setup Java
- uses: actions/setup-java@v4
- with:
- distribution: 'temurin'
- java-version: 17
- cache: 'maven'
- - name: Cache NVD DB
- uses: actions/cache@v3
- with:
- path: ~/.m2/repository/org/owasp/dependency-check-data/
- key: dependency-check-${{ github.run_id }}
- restore-keys: |
- dependency-check
- env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
- - name: Run org.owasp:dependency-check plugin
- id: dependency-check
- continue-on-error: true
- run: mvn -B validate -Pdependency-check
- env:
- NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
- - name: Upload report on failure
- if: steps.dependency-check.outcome == 'failure'
- uses: actions/upload-artifact@v3
- with:
- name: dependency-check-report
- path: target/dependency-check-report.html
- if-no-files-found: error
- - name: Slack Notification on regular check
- if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
- uses: rtCamp/action-slack-notify@v2
- env:
- SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
- SLACK_USERNAME: 'Cryptobot'
- SLACK_ICON: false
- SLACK_ICON_EMOJI: ':bot:'
- SLACK_CHANNEL: 'cryptomator-desktop'
- SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
- SLACK_MESSAGE: "Download the for more details."
- SLACK_FOOTER: false
- MSG_MINIMAL: true
- - name: Failing workflow on release branch
- if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
- shell: bash
- run: exit 1
+ uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@main
+ with:
+ runner-os: 'windows-latest'
+ java-distribution: 'temurin'
+ java-version: 17
+ secrets:
+ nvd-api-key: ${{ secrets.NVD_API_KEY }}
+ slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
From e59e377a0c058a7217d641917b09ab4eed4450e9 Mon Sep 17 00:00:00 2001
From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com>
Date: Wed, 17 Jan 2024 18:29:50 +0100
Subject: [PATCH 15/20] Changed version specifier for dependency-check
See: https://github.com/cryptomator/cryptofs/pull/202#discussion_r1453615249
---
.github/workflows/dependency-check.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index e161568..d0c8357 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -10,7 +10,7 @@ on:
jobs:
check-dependencies:
- uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@main
+ uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1
with:
runner-os: 'windows-latest'
java-distribution: 'temurin'
From e5cafce6f1e277d3284fa2df1dd974860da17d2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 09:09:22 +0000
Subject: [PATCH 16/20] Bump the java-test-dependencies group with 1 update
(#54)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index df7ec10..de74063 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
5.10.1
- 5.7.0
+ 5.10.0
9.0.4
From 6f48a57f5d7527293f1b6bb972c4ca27192ff74d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 09:09:43 +0000
Subject: [PATCH 17/20] Bump the maven-build-plugins group with 3 updates (#55)
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index de74063..9dab5a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
5.10.0
- 9.0.4
+ 9.0.9
1.6.13
@@ -122,7 +122,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.11.0
+ 3.12.1
-h
@@ -180,7 +180,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.2.2
+ 3.2.5
maven-source-plugin
From bf785c329d36ee6eea19d6fd6ac731b6bce94208 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Feb 2024 08:56:26 +0000
Subject: [PATCH 18/20] Bump the github-actions group with 2 updates (#51)
---
.github/workflows/build.yml | 2 +-
.github/workflows/codeql-analysis.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8c1a84b..1dd8715 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -37,7 +37,7 @@ jobs:
- name: Package and Install
id: packAndInstall
run: mvn -B install -DskipNativeCompile
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
with:
name: artifacts
path: target/*.jar
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index abe4825..cd30ed4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -28,10 +28,10 @@ jobs:
java-version: 17
cache: 'maven'
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
languages: java
- name: Build
run: mvn -B compile
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
\ No newline at end of file
+ uses: github/codeql-action/analyze@v3
\ No newline at end of file
From 71239d8f26229d59fc953fc0c9bcce96248259a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 12:43:24 +0000
Subject: [PATCH 19/20] Bump the java-production-dependencies group with 4
updates (#53)
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 9dab5a5..06c3600 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,8 +38,8 @@
1.3.0
- 2.0.9
- 2.16.0
+ 2.0.11
+ 2.16.1
5.10.1
From b531fcc2fdc54b70fda804dcd9adaee201efdee0 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Mon, 5 Feb 2024 13:53:57 +0100
Subject: [PATCH 20/20] prepare 1.2.5
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 06c3600..ab3209e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
4.0.0
org.cryptomator
integrations-win
- 1.3.0-SNAPSHOT
+ 1.2.5
Cryptomator Integrations for Windows
Provides optional Windows services used by Cryptomator