From 204e573625f4984695ae551e1c157e11959f8a52 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:34:39 -0400 Subject: [PATCH 01/22] fix commons text --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index deb307d..07cc02a 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -2,7 +2,7 @@ # https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format [libraries] -commons-text = { module = "org.apache.commons:commons-text", version = "1.9" } +commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" } minio = { module = "io.minio:minio", version = "8.5.8" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } From fe290bdb4ec6b0cfda764d78d445854668af3cfa Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:39:37 -0400 Subject: [PATCH 02/22] fix other vulnerabilities --- build.gradle.kts | 12 ++++++++++++ gradle/libs.versions.toml | 4 +++- lib/build.gradle.kts | 6 ++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index d6e51af..5c0c130 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,3 +1,15 @@ +// Constrain 'com.squareup.okio:okio' to avoid https://github.com/advisories/GHSA-w33c-445m-f8w7 +buildscript { + repositories { + gradlePluginPortal() + } + dependencies { + constraints { + classpath(libs.okio) + } + } +} + plugins { alias(libs.plugins.versions) } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 07cc02a..39369a5 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml 
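Review bot: The comment above the `buildscript` block in build.gradle.kts names the advisory but not which plugin pulls okio onto the buildscript classpath, so nobody can tell later when the constraint is safe to remove. I would extend it, e.g. `// okio comes in transitively via <plugin>; remove once that plugin requires a fixed okio`, and confirm the resolved version with `./gradlew buildEnvironment`. The constraint covers only the root project's buildscript classpath. Whether lib's own runtime classpath also resolves okio is not visible here and is worth checking in its `dependencies` report.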
@@ -2,9 +2,11 @@ # https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format [libraries] +commons-compress = { module = "org.apache.commons:commons-compress", version = "1.26.1" } commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" } -minio = { module = "io.minio:minio", version = "8.5.8" } +minio = { module = "io.minio:minio", version = "8.5.9" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } +okio = { module = "com.squareup.okio:okio", version = "3.4.0" } [plugins] versions = { id = "com.github.ben-manes.versions", version = "0.51.0" } diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts index 7e697c8..bfb8f89 100644 --- a/lib/build.gradle.kts +++ b/lib/build.gradle.kts @@ -1,3 +1,4 @@ + plugins { `java-library` } @@ -10,6 +11,11 @@ dependencies { implementation(libs.commons.text) implementation(libs.minio) + constraints { + // Force a newer version of commons-compress in transitive resolution + implementation(libs.commons.compress) + } + testImplementation(libs.junit.jupiter) testRuntimeOnly("org.junit.platform:junit-platform-launcher") } From 006edd24a7e928e6801d3edd28e4c13f3ca302f1 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:49:01 -0400 Subject: [PATCH 03/22] fix other vulnerabilities --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 39369a5..b0719b6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml 
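Review bot: The comment `// Force a newer version of commons-compress in transitive resolution` in lib/build.gradle.kts overstates what the constraint does and, unlike the okio constraint in build.gradle.kts, cites no advisory. A plain constraint only raises the floor during conflict resolution; it is not a strict or forced version. Suggested wording: `// Raise transitive commons-compress to a fixed release, see <advisory id>`, so the reason and the removal condition are recorded. The `dependencies` block opens outside the hunk.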
@@ -4,7 +4,7 @@ [libraries] commons-compress = { module = "org.apache.commons:commons-compress", version = "1.26.1" } commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" } -minio = { module = "io.minio:minio", version = "8.5.9" } +minio = { module = "io.minio:minio", version = "8.5.11" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } okio = { module = "com.squareup.okio:okio", version = "3.4.0" } From d8d6b0f931ad90b5516bac07bffebc71e661979d Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:52:15 -0400 Subject: [PATCH 04/22] fix other vulnerabilities --- .github/workflows/dependency-review.yml | 6 ++---- .github/workflows/dependency-submission.yml | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 601dda3..27ad91a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -13,13 +13,11 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v4 - - name: Set up the JDK used to run Gradle uses: actions/setup-java@v4 with: - distribution: 'temurin' - java-version: '17' - + distribution: 'zulu' + java-version: '8' - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index 012fa53..9fa9e13 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -15,13 +15,11 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v4 - - name: Set up the JDK used to run Gradle uses: actions/setup-java@v4 with: - distribution: 'temurin' - java-version: '17' - + distribution: 'zulu' + java-version: '8' - name: Generate and submit dependency graph uses: gradle/actions/dependency-submission@v3 with: 
From c95b5bacb9e4932b6f1300e4b9fb6429d4fe5042 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:55:16 -0400 Subject: [PATCH 05/22] add jackson vulnerabilites --- gradle/libs.versions.toml | 1 + lib/build.gradle.kts | 1 + 2 files changed, 2 insertions(+) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index b0719b6..23c64c6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -7,6 +7,7 @@ commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" minio = { module = "io.minio:minio", version = "8.5.11" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } okio = { module = "com.squareup.okio:okio", version = "3.4.0" } +jackson = { module = "com.fasterxml.jackson.core:jackson-databind", version = "2.9.9" } [plugins] versions = { id = "com.github.ben-manes.versions", version = "0.51.0" } diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts index bfb8f89..18727f9 100644 --- a/lib/build.gradle.kts +++ b/lib/build.gradle.kts @@ -10,6 +10,7 @@ repositories { dependencies { implementation(libs.commons.text) implementation(libs.minio) + implementation(libs.jackson) constraints { // Force a newer version of commons-compress in transitive resolution From 08b22c2d8e5c572af13b85c022e1db5fe2346fa8 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 07:59:10 -0400 Subject: [PATCH 06/22] add jackson vulnerabilites --- lib/build.gradle.kts | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts index 18727f9..93c8f48 100644 --- a/lib/build.gradle.kts +++ b/lib/build.gradle.kts @@ -15,6 +15,7 @@ dependencies { constraints { // Force a newer version of commons-compress in transitive resolution implementation(libs.commons.compress) + implementation(libs.jackson) } testImplementation(libs.junit.jupiter) From 308a6bc5bb5bf246c98529ed55cde25a29742503 Mon Sep 17 00:00:00 2001 
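Review bot: The new `jackson` catalog entry pins jackson-databind to 2.9.9, and lib/build.gradle.kts wires it in as a regular `implementation` dependency, so this old release lands on the library's runtime classpath. The commit subject suggests it is a deliberate fixture for exercising dependency review. If so, keep it off main, or isolate it in a dedicated configuration and mark the entry with a comment such as `# intentionally outdated: dependency-review fixture, do not ship`. If the library really needs Jackson, use a currently maintained release instead. The `implementation(libs.jackson)` line that PATCH 06/22 puts inside `constraints` has the same problem: it only sets 2.9.9 as a floor and protects nothing.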
From: marc-adaptive Date: Mon, 15 Jul 2024 08:03:12 -0400 Subject: [PATCH 07/22] add commons vulnerabilites --- gradle/libs.versions.toml | 2 +- lib/build.gradle.kts | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 23c64c6..c3a12e5 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -3,7 +3,7 @@ [libraries] commons-compress = { module = "org.apache.commons:commons-compress", version = "1.26.1" } -commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" } +commons-text = { module = "org.apache.commons:commons-text", version = "1.9" } minio = { module = "io.minio:minio", version = "8.5.11" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } okio = { module = "com.squareup.okio:okio", version = "3.4.0" } diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts index 93c8f48..18727f9 100644 --- a/lib/build.gradle.kts +++ b/lib/build.gradle.kts @@ -15,7 +15,6 @@ dependencies { constraints { // Force a newer version of commons-compress in transitive resolution implementation(libs.commons.compress) - implementation(libs.jackson) } testImplementation(libs.junit.jupiter) From 5d5505ef37563ff05560749c01466b45778621dd Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:07:48 -0400 Subject: [PATCH 08/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 27ad91a..2f58440 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -3,6 +3,9 @@ name: Dependency review for pull requests on: pull_request: + push: + branches: + - main permissions: contents: write 
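Review bot: Setting commons-text back to `version = "1.9"` in gradle/libs.versions.toml undoes the upgrade that PATCH 01/22 made under the subject "fix commons text". Nothing in the hunk marks this as temporary. If it is meant to trigger dependency review, do it on a throwaway branch, and keep `commons-text = { module = "org.apache.commons:commons-text", version = "1.10.0" }` in the series that is merged. At minimum add a comment next to the entry stating that the old version is intentional and must not ship.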
@@ -29,5 +32,12 @@ jobs: needs: dependency-submission runs-on: ubuntu-latest steps: - - name: Perform dependency review + - name: Perform dependency review on Pull Request + if: ${{ github.event-name == 'pull_request' }} uses: actions/dependency-review-action@v4 + - name: Perform dependency review on Pull Request + if: ${{ github.event-name == 'push' }} + uses: actions/dependency-review-action@v4 + with: + base-ref: ${{ github.event.before }} + head-ref: ${{ github.event.after }} From 48d167dc6da0001efc0bb7a086ba19b972b6d615 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:09:45 -0400 Subject: [PATCH 09/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 2f58440..1c2ed59 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -33,10 +33,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Perform dependency review on Pull Request - if: ${{ github.event-name == 'pull_request' }} + if: ${{ github.event_name == 'pull_request' }} uses: actions/dependency-review-action@v4 - - name: Perform dependency review on Pull Request - if: ${{ github.event-name == 'push' }} + - name: Perform dependency review on Push Request + if: ${{ github.event_name == 'push' }} uses: actions/dependency-review-action@v4 with: base-ref: ${{ github.event.before }} From 0e90ad7a9df2431687e4ace184dc1d3cf82fb350 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:12:03 -0400 Subject: [PATCH 10/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1c2ed59..7626ac2 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -21,6 +21,12 @@ jobs: with: distribution: 'zulu' java-version: '8' + - name: + run: | + echo 'Hi' > file.txt + git add file.txt + git commit -m "hacked" + git push - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From 4ad501cd014508a490b886232745d0c5ea6b9071 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:13:04 -0400 Subject: [PATCH 11/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 7626ac2..258fb0d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -23,6 +23,8 @@ jobs: java-version: '8' - name: run: | + git config --global user.email "you@example.com" + git config --global user.name "Your Name" echo 'Hi' > file.txt git add file.txt git commit -m "hacked" From 2c695ac9d0c1960f47e8b0b87591fe34b4446976 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:14:02 -0400 Subject: [PATCH 12/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 258fb0d..5094bec 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,7 +28,7 @@ jobs: echo 'Hi' > file.txt git add file.txt git commit -m "hacked" - git push + git push HEAD:main - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From 157f664a11b24238cf6a756a64fd35e3adbfce27 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:15:23 -0400 Subject: [PATCH 13/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
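Review bot: The step added in PATCH 10/22 has an empty `name:` and pushes a commit with the job's token from a workflow that triggers on `pull_request`. That only works because the workflow grants `contents: write` and `actions/checkout` leaves the token in the local git configuration. A job that builds pull-request code should not hold a usable write credential. Give it `permissions: contents: read` and add `persist-credentials: false` under the checkout step's `with:`, so later steps, including the Gradle build, cannot push. PATCH 11/22 to 15/22 keep iterating on the same step and carry the same problem; the steps list itself starts outside the hunk.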
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5094bec..d5eb552 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -16,6 +16,8 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} - name: Set up the JDK used to run Gradle uses: actions/setup-java@v4 with: @@ -28,7 +30,7 @@ jobs: echo 'Hi' > file.txt git add file.txt git commit -m "hacked" - git push HEAD:main + git push origin main - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From 322d2ee40875a0619c9ec0ee6c6a57e5d7f30347 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:16:19 -0400 Subject: [PATCH 14/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d5eb552..95dff1b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -30,7 +30,7 @@ jobs: echo 'Hi' > file.txt git add file.txt git commit -m "hacked" - git push origin main + git push HEAD:branch - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From f38e6b26e859e3d6962ec0360da60c7d2b731392 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:17:40 -0400 Subject: [PATCH 15/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 95dff1b..9915ea9 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -17,7 +17,7 @@ jobs: - name: Checkout sources uses: actions/checkout@v4 with: - ref: ${{ github.ref }} + ref: ${{ main }} - name: Set up the JDK used to run Gradle uses: actions/setup-java@v4 with: @@ -30,7 +30,7 @@ jobs: echo 'Hi' > file.txt git add file.txt git commit -m "hacked" - git push HEAD:branch + git push - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From 65d885f894dfda8eae9b4ef8e6904a23bed552ce Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 08:18:45 -0400 Subject: [PATCH 16/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9915ea9..6ed28aa 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: - name: Checkout sources uses: actions/checkout@v4 with: - ref: ${{ main }} + ref: main - name: Set up the JDK used to run Gradle uses: actions/setup-java@v4 with: From d294501014bf64a149390ef2ebf45e9329e34751 Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 15 Jul 2024 12:19:06 +0000 Subject: [PATCH 17/22] hacked --- file.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 file.txt diff --git a/file.txt b/file.txt new file mode 100644 index 0000000..b14df64 --- /dev/null +++ b/file.txt @@ -0,0 +1 @@ +Hi From 934b6f7b5e6521790e7f078b1907a7e08ba00cdd Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Mon, 15 Jul 2024 09:46:47 -0400 Subject: [PATCH 18/22] add commons vulnerabilites --- .github/workflows/dependency-review.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6ed28aa..2ecd63f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
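Review bot: Hard-coding `ref: main` on the checkout step in PATCH 16/22 makes the job always build main instead of the pull request's merge ref. The step named "Generate and submit dependency graph for the PR" would then submit main's graph, and dependency changes in the PR would presumably never be reviewed. Removing the `with:` / `ref:` pair restores the default checkout of the triggering ref. The `${{ main }}` form in PATCH 15/22 was not a valid context expression, which is probably how the literal ended up here.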
@@ -23,14 +23,6 @@ jobs: with: distribution: 'zulu' java-version: '8' - - name: - run: | - git config --global user.email "you@example.com" - git config --global user.name "Your Name" - echo 'Hi' > file.txt - git add file.txt - git commit -m "hacked" - git push - name: Generate and submit dependency graph for the PR uses: gradle/actions/dependency-submission@v3 with: From 33276e83e8f7d8997bbe5e2f0dc44e0c1baa8b84 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Sun, 21 Jul 2024 12:47:52 -0400 Subject: [PATCH 19/22] add proper workflows --- .../workflows/dependency-review-generate.yml | 22 ++++++++++ .../workflows/dependency-review-upload.yml | 19 +++++++++ .github/workflows/dependency-review.yml | 42 ++++--------------- 3 files changed, 48 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/dependency-review-generate.yml create mode 100644 .github/workflows/dependency-review-upload.yml diff --git a/.github/workflows/dependency-review-generate.yml b/.github/workflows/dependency-review-generate.yml new file mode 100644 index 0000000..6fd6cdd --- /dev/null +++ b/.github/workflows/dependency-review-generate.yml @@ -0,0 +1,22 @@ +name: Dependency Review (generate) + +on: + pull_request: + +permissions: + contents: read # 'write' permission is not available + +jobs: + dependency-submission: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + + - name: Generate and save dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: generate-and-upload \ No newline at end of file diff --git a/.github/workflows/dependency-review-upload.yml b/.github/workflows/dependency-review-upload.yml new file mode 100644 index 0000000..353330b --- /dev/null +++ b/.github/workflows/dependency-review-upload.yml 
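Review bot: All three `uses:` lines in the new dependency-review-generate.yml reference mutable tags (`@v4`, `@v3`) in a job that runs pull-request-supplied Gradle build logic. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: gradle/actions/dependency-submission@<full-commit-sha> # v3`. Also add `persist-credentials: false` to the checkout step so the token is not left in the workspace for the build to read. The same pinning applies to the upload and review workflows added in this patch. The file also ends without a trailing newline.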
@@ -0,0 +1,19 @@ +name: Dependency Review (upload) + +on: + workflow_run: + workflows: ['Dependency Review (generate)'] + types: [completed] + +permissions: + actions: read + contents: write + +jobs: + submit-dependency-graph: + runs-on: ubuntu-latest + steps: + - name: Download and submit dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: download-and-submit \ No newline at end of file diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 2ecd63f..d49f20f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
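Review bot: `types: [completed]` in dependency-review-upload.yml also fires for failed and cancelled runs of the generate workflow, and this job runs with `contents: write` in the base repository's context. Guard the job with `if: ${{ github.event.workflow_run.conclusion == 'success' }}`. Move the `permissions:` block under `submit-dependency-graph` so a job added later does not inherit write access. The downloaded graph was produced by a run that executed pull-request code, so a short comment saying it is untrusted data and must only be submitted, never executed, would help future editors.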
@@ -1,45 +1,17 @@ -# Submits a dependency graph and performs dependency review on every pull request -name: Dependency review for pull requests +name: Dependency Review (review) on: pull_request: - push: - branches: - - main permissions: - contents: write + contents: read jobs: - dependency-submission: - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - ref: main - - name: Set up the JDK used to run Gradle - uses: actions/setup-java@v4 - with: - distribution: 'zulu' - java-version: '8' - - name: Generate and submit dependency graph for the PR - uses: gradle/actions/dependency-submission@v3 - with: - build-scan-publish: true - build-scan-terms-of-service-url: "https://gradle.com/terms-of-service" - build-scan-terms-of-service-agree: "yes" - dependency-review: - needs: dependency-submission runs-on: ubuntu-latest steps: - - name: Perform dependency review on Pull Request - if: ${{ github.event_name == 'pull_request' }} - uses: actions/dependency-review-action@v4 - - name: Perform dependency review on Push Request - if: ${{ github.event_name == 'push' }} - uses: actions/dependency-review-action@v4 - with: - base-ref: ${{ github.event.before }} - head-ref: ${{ github.event.after }} + - name: 'Dependency Review' + uses: actions/dependency-review-action@v3 + with: + retry-on-snapshot-warnings: true + retry-on-snapshot-warnings-timeout: 600 \ No newline at end of file From 6b1e564e9a6aa4e6c1534787a9dfdd40608eac27 Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Sun, 21 Jul 2024 13:31:01 -0400 Subject: [PATCH 20/22] add proper workflows --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d49f20f..fdde745 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
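Review bot: The rewritten job uses `actions/dependency-review-action@v3`, while the removed lines used `@v4`, so this patch silently downgrades the action. Unless that is intended, keep `uses: actions/dependency-review-action@v4`. The file's header comment is dropped as well. A one-line replacement such as `# Reviews the graph submitted by "Dependency Review (upload)"; retries while the snapshot is pending` would explain why `retry-on-snapshot-warnings-timeout: 600` is set.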
@@ -14,4 +14,4 @@ jobs: uses: actions/dependency-review-action@v3 with: retry-on-snapshot-warnings: true - retry-on-snapshot-warnings-timeout: 600 \ No newline at end of file + retry-on-snapshot-warnings-timeout: 600 From f332e0596e883ee12120f8b4194ba3c15bd885ea Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Sun, 21 Jul 2024 14:28:46 -0400 Subject: [PATCH 21/22] review --- .github/workflows/dependency-review.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index fdde745..a63328a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,3 +15,4 @@ jobs: with: retry-on-snapshot-warnings: true retry-on-snapshot-warnings-timeout: 600 + From 1f238b503d92715828c5772ab4fe94d7bb54f6bc Mon Sep 17 00:00:00 2001 From: marc-adaptive Date: Sun, 21 Jul 2024 16:28:13 -0400 Subject: [PATCH 22/22] spring --- gradle/libs.versions.toml | 1 + lib/build.gradle.kts | 1 + 2 files changed, 2 insertions(+) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index c3a12e5..428e36a 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -8,6 +8,7 @@ minio = { module = "io.minio:minio", version = "8.5.11" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } okio = { module = "com.squareup.okio:okio", version = "3.4.0" } jackson = { module = "com.fasterxml.jackson.core:jackson-databind", version = "2.9.9" } +spring = { module = "org.springframework.boot:spring-boot-starter-web", version = "2.5.11" } [plugins] versions = { id = "com.github.ben-manes.versions", version = "0.51.0" } diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts index 18727f9..7b4ef93 100644 --- a/lib/build.gradle.kts +++ b/lib/build.gradle.kts 
@@ -11,6 +11,7 @@ dependencies { implementation(libs.commons.text) implementation(libs.minio) implementation(libs.jackson) + api(libs.spring) constraints { // Force a newer version of commons-compress in transitive resolution
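Review bot: `api(libs.spring)` exposes the whole spring-boot-starter-web tree on every consumer's compile classpath, and the catalog entry added in gradle/libs.versions.toml pins it to 2.5.11, a release line that as far as I know no longer receives open-source updates. If lib's public API does not expose Spring types, `implementation(libs.spring)` is the narrower scope. If the entry exists only to exercise dependency review, mark it with a comment and keep it off main. The `dependencies` block starts and ends outside the hunk, so actual Spring usage cannot be confirmed from here.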