From 699605a5bee8301af11c36edf3534c4cb33a5f39 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Fri, 21 Mar 2025 10:05:26 +0100 Subject: [PATCH 01/41] chore: add dirty-waters-action@v1.11.24 to code quality workflow --- .github/workflows/code-qualitiy.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index e85984e24..2a03d6800 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -99,3 +99,24 @@ jobs: - name: Run reproducibility check run: mvn clean install + dirty-waters: + runs-on: + ubuntu-latest + permissions: + pull-requests: write # To comment on a Pull Request + steps: + - uses: actions/checkout@v4 + with: + submodules: true + - name: Setup JDK17 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + - name: Dirty Waters Analysis + uses: chains-project/dirty-waters-action@v1.11.24 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + package_manager: maven + gradual_report: false + From ccd115177caf88fce0f22acac5f0523e16c2250c Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Wed, 26 Mar 2025 13:57:05 +0100 Subject: [PATCH 02/41] chore: bump to 1.11.31; ignoring cache for one run, to gather parents too --- .github/workflows/code-qualitiy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 2a03d6800..2a06d340a 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,9 +114,10 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.24 + uses: chains-project/dirty-waters-action@v1.11.31 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven + ignore_cache: "true" gradual_report: false From 1f5b8326b2f86a40dffbf162960f9fd123c134b0 Mon Sep 17 00:00:00 2001 
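Review bot: In [PATCH 01/41] the three `uses:` lines of the new `dirty-waters` job reference mutable tags (`actions/checkout@v4`, `actions/setup-java@v4`, `chains-project/dirty-waters-action@v1.11.24`), and the last of them is handed a token with `pull-requests: write`, so a retagged release would run with that permission. Pin each to a full commit SHA with the version as a trailing comment, e.g. `uses: chains-project/dirty-waters-action@<full-commit-sha> # v1.11.24`. The checkout step also keeps the token in the local git config for the later steps by default, so I would add `persist-credentials: false` under its `with:`. The workflow's `on:` triggers are outside this hunk, so I cannot tell from here which events run this job with a writable token.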
From: Diogo Gaspar Date: Wed, 26 Mar 2025 14:55:14 +0100 Subject: [PATCH 03/41] chore: revert to not ignoring cache --- .github/workflows/code-qualitiy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 2a06d340a..e8740e0f5 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -118,6 +118,5 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven - ignore_cache: "true" gradual_report: false From 4f38a39e504dcd3940402bfd77d812198b246487 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Mon, 31 Mar 2025 00:34:44 +0200 Subject: [PATCH 04/41] chore: re-run with debug flag active --- .github/workflows/code-qualitiy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index e8740e0f5..1a25716f6 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -119,4 +119,5 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven gradual_report: false + debug: true From 6dbc05abb39246af5b050a8f42ba267e112fbf95 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Mon, 31 Mar 2025 00:58:31 +0200 Subject: [PATCH 05/41] chore: bump to v1.11.33 --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 1a25716f6..357429532 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,7 +114,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.31 + uses: chains-project/dirty-waters-action@v1.11.33 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 748cbe222e68c3bfe49f85bc2ac800e721f9958e Mon Sep 17 00:00:00 2001 
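Review bot: `debug: true` in [PATCH 04/41] reads like a temporary troubleshooting switch (the subject says "re-run with debug flag active"), yet nothing in the hunk marks it as provisional. If it has to stay for a while, annotate it, e.g. `debug: true # temporary, remove once the analysis run is stable`; otherwise drop it before merge, because this step receives `github_token` and its verbose output ends up in job logs that everyone with read access can see.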
From: Diogo Gaspar Date: Wed, 2 Apr 2025 11:01:30 +0200 Subject: [PATCH 06/41] chore: bump to v1.11.35; adds option to ignore parent deps --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 357429532..4ce3ef3f5 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,7 +114,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.33 + uses: chains-project/dirty-waters-action@v1.11.35 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 50ea6c35fa6a5e51b7d8c6c6fc19adcbec5e15ed Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 2 Apr 2025 13:02:27 +0200 Subject: [PATCH 07/41] Add ignore config --- .github/workflows/code-qualitiy.yml | 1 + dirty-waters.json | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 dirty-waters.json diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 4ce3ef3f5..61ab32c13 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -120,4 +120,5 @@ jobs: package_manager: maven gradual_report: false debug: true + config: dirty-waters.json diff --git a/dirty-waters.json b/dirty-waters.json new file mode 100644 index 000000000..2139a81df --- /dev/null +++ b/dirty-waters.json @@ -0,0 +1,12 @@ +{ + "ignore": { + "org.sonatype.plexus:plexus-sec-dispatcher@1.3": "provenance", + "org.sonatype.plexus:plexus-cipher@1.4": "provenance", + "commons-beanutils:commons-beanutils@1.7.0": "provenance", + "dom4j:dom4j@1.1": "provenance", + "oro:oro@2.0.8": "provenance", + "org.iq80.snappy:snappy@0.4": "provenance" + } +} + + From 80c933c6025e9116eb351cfdf8b35eb4a7f49cde Mon Sep 17 00:00:00 2001 
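Review bot: `config: dirty-waters.json` in [PATCH 07/41] points the analysis at a suppression list that lives in the same tree the job checks out, so a pull request can presumably add an `ignore` entry for a dependency in the very change that introduces it and the report would stay clean. I would put the file under required review, for example a CODEOWNERS line `/dirty-waters.json @<org>/<maintainers-team>`, and treat edits to it like edits to the workflow itself. The new JSON file also gives no reason for any of its six entries; since JSON cannot carry comments, the commit message or the contributor docs should record why each artifact is exempt.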
From: Elias Lundell Date: Wed, 2 Apr 2025 13:08:21 +0200 Subject: [PATCH 08/41] Update config with source_code --- dirty-waters.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index 2139a81df..901058fe5 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -1,11 +1,11 @@ { "ignore": { - "org.sonatype.plexus:plexus-sec-dispatcher@1.3": "provenance", - "org.sonatype.plexus:plexus-cipher@1.4": "provenance", - "commons-beanutils:commons-beanutils@1.7.0": "provenance", - "dom4j:dom4j@1.1": "provenance", - "oro:oro@2.0.8": "provenance", - "org.iq80.snappy:snappy@0.4": "provenance" + "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"], + "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"], + "commons-beanutils:commons-beanutils@1.7.0": ["source_code"], + "dom4j:dom4j@1.1": ["source_code"], + "oro:oro@2.0.8": ["source_code"], + "org.iq80.snappy:snappy@0.4": ["source_code_sha"] } } From 129cbbbfcab073a0ed488907d0c8a15b3e177e3c Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 2 Apr 2025 17:58:59 +0200 Subject: [PATCH 09/41] Change path to config --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 61ab32c13..19b5605b6 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -120,5 +120,5 @@ jobs: package_manager: maven gradual_report: false debug: true - config: dirty-waters.json + config: chains-project/maven-lockfile/dirty-waters.json From 416bdde29124e456be01a7a3bb365de5b343f2fb Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 2 Apr 2025 18:24:25 +0200 Subject: [PATCH 10/41] Specify PR base for analysis --- .github/workflows/code-qualitiy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 19b5605b6..e484a09da 100644 
--- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -117,6 +117,7 @@ jobs: uses: chains-project/dirty-waters-action@v1.11.35 with: github_token: ${{ secrets.GITHUB_TOKEN }} + version_old: ${{ github.event.pull_request.base.sha }} package_manager: maven gradual_report: false debug: true From d17f43c8ca7842325f93489dc872ea9f04884bfa Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 2 Apr 2025 18:29:41 +0200 Subject: [PATCH 11/41] Run on PR head ref --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index e484a09da..d39d50d48 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -117,7 +117,7 @@ jobs: uses: chains-project/dirty-waters-action@v1.11.35 with: github_token: ${{ secrets.GITHUB_TOKEN }} - version_old: ${{ github.event.pull_request.base.sha }} + version_old: ${{ github.event.pull_request.head.ref }} package_manager: maven gradual_report: false debug: true From 4a43e7e1639010d55c6248c3dcc6864fbd35fccd Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 2 Apr 2025 18:32:10 +0200 Subject: [PATCH 12/41] Reset to HEAD --- .github/workflows/code-qualitiy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index d39d50d48..19b5605b6 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -117,7 +117,6 @@ jobs: uses: chains-project/dirty-waters-action@v1.11.35 with: github_token: ${{ secrets.GITHUB_TOKEN }} - version_old: ${{ github.event.pull_request.head.ref }} package_manager: maven gradual_report: false debug: true From 04bcb3e29052d7a65624b73c2677ff8f9d5822e8 Mon Sep 17 00:00:00 2001 
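Review bot: In [PATCH 11/41] `version_old` is filled from `github.event.pull_request.head.ref`, which is the contributor-chosen branch name rather than an immutable commit id. Unlike the `base.sha` used in the previous commit, its content is free-form text, and it names the new side of the pull request, so the comparison the action makes is probably not the intended one. If a reference to the PR head is really needed, `version_old: ${{ github.event.pull_request.head.sha }}` is the safer value; how the action consumes this input is not visible here. The expression is also empty on triggers other than pull requests, and the workflow's `on:` block is outside this hunk.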
From: Diogo Gaspar Date: Wed, 2 Apr 2025 23:20:05 +0200 Subject: [PATCH 13/41] bump to v1.11.39; new version fixes config-file bug --- .github/workflows/code-qualitiy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 19b5605b6..2613469e3 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,11 +114,11 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.35 + uses: chains-project/dirty-waters-action@v1.11.39 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven gradual_report: false debug: true - config: chains-project/maven-lockfile/dirty-waters.json + config: dirty-waters.json From 8933ed17e84084971efe38b98c0984fdebfd0051 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Wed, 2 Apr 2025 23:42:22 +0200 Subject: [PATCH 14/41] chore: bump to v1.11.40; fixes issue where if entries were cached they were shown, even if ignored --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 2613469e3..63ebb3105 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,7 +114,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.39 + uses: chains-project/dirty-waters-action@v1.11.40 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 0906a71ad10c560c0a3741cdc8418827c821cd16 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Thu, 3 Apr 2025 00:04:31 +0200 Subject: [PATCH 15/41] chore: bump to v1.11.41; added check for disallowing conflicting configs --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 63ebb3105..774b78016 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,7 +114,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.40 + uses: chains-project/dirty-waters-action@v1.11.41 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 988e791e5c56f22aeab8bd728706636cecc3b9f9 Mon Sep 17 00:00:00 2001 From: Diogo Gaspar Date: Thu, 3 Apr 2025 00:21:54 +0200 Subject: [PATCH 16/41] chore: bump to v1.11.42; dirty-waters now resolves config conflicts instead of breaking --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 774b78016..de56f7c54 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -114,7 +114,7 @@ jobs: distribution: 'temurin' java-version: '17' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.41 + uses: chains-project/dirty-waters-action@v1.11.42 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 3b7de10cacee3fd1587641ab53d800a7af917e03 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 3 Apr 2025 08:35:08 +0200 Subject: [PATCH 17/41] Do not check for source code, avoid 404 --- dirty-waters.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index 901058fe5..0ea0961ee 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -5,8 +5,6 @@ "commons-beanutils:commons-beanutils@1.7.0": ["source_code"], "dom4j:dom4j@1.1": ["source_code"], "oro:oro@2.0.8": ["source_code"], - "org.iq80.snappy:snappy@0.4": ["source_code_sha"] + "org.iq80.snappy:snappy@0.4": ["source_code"] } } - - 
From cf57a06a442c129715531990f736ae179e49a9f4 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 3 Apr 2025 12:12:32 +0200 Subject: [PATCH 18/41] Ignore source_code_sha, missing tags for plugins with many deps --- dirty-waters.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dirty-waters.json b/dirty-waters.json index 0ea0961ee..96ab6c778 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -6,5 +6,10 @@ "dom4j:dom4j@1.1": ["source_code"], "oro:oro@2.0.8": ["source_code"], "org.iq80.snappy:snappy@0.4": ["source_code"] + }, + "ignore-if-parent": { + "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"], + "org.apache.maven.plugins:maven-artifact-plugin@3.6.0": ["source_code_sha"], + "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"] } } From bf82d290b1ae7ce78f7e83cefa530a94134e6dbb Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 3 Apr 2025 12:27:01 +0200 Subject: [PATCH 19/41] Ignore code_signatures for deps with missing --- dirty-waters.json | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index 96ab6c778..7210639ff 100644 --- a/dirty-waters.json +++ b/dirty-waters.json 
@@ -2,10 +2,25 @@ "ignore": { "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"], "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"], - "commons-beanutils:commons-beanutils@1.7.0": ["source_code"], - "dom4j:dom4j@1.1": ["source_code"], - "oro:oro@2.0.8": ["source_code"], - "org.iq80.snappy:snappy@0.4": ["source_code"] + "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"], + "dom4j:dom4j@1.1": ["source_code", "code_signature"], + "oro:oro@2.0.8": ["source_code", "code_signature"], + "org.iq80.snappy:snappy@0.4": ["source_code"], + "javax.inject:javax.inject@1": ["code_signature"], + "com.google.collections:google-collections@1.0": ["code_signature"], + "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"], + "commons-digester:commons-digester@1.8": ["code_signature"], + "commons-chain:commons-chain@1.1": ["code_signature"], + "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"], + "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"], + "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"], + "aopalliance:aopalliance@1.0": ["code_signature"], + "org.aesh:readline@2.6": ["code_signature"], + "org.aesh:aesh@2.8.2": ["code_signature"], + "org.wildfly.common:wildfly-common@2.0.1": "[code_signature]", + "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], + "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], + "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature"] }, "ignore-if-parent": { "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"], @@ -13,3 +28,6 @@ "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"] } } + + + From 3e890555a50c732421fda2bc8dec72db2ed2d861 Mon Sep 17 00:00:00 2001 
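Review bot: The `org.wildfly.common:wildfly-common@2.0.1` entry added in [PATCH 19/41] has the value `"[code_signature]"`, a string, where every other entry uses an array; it should be `["code_signature"]`. The same slip appears in [PATCH 20/41] for `jakarta.el:jakarta.el-api@5.0.1` and `io.vertx:vertx-uri-template@4.5.13`, both with `"[source_code_sha]"`. Depending on how the action parses the value, such an entry is either not applied or makes the whole file fail to load. A schema or type check of `dirty-waters.json` in CI would catch this class of mistake before the analysis runs.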
From: Elias Lundell
Date: Thu, 3 Apr 2025 12:31:17 +0200
Subject: [PATCH 20/41] Ignore deps with missing tags
---
dirty-waters.json | 38 ++++++++++++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/dirty-waters.json b/dirty-waters.json
index 7210639ff..0ae6a63dd 100644
--- a/dirty-waters.json
+++ b/dirty-waters.json
@@ -16,11 +16,44 @@ "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"], "aopalliance:aopalliance@1.0": ["code_signature"], "org.aesh:readline@2.6": ["code_signature"], - "org.aesh:aesh@2.8.2": ["code_signature"], + "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"], "org.wildfly.common:wildfly-common@2.0.1": "[code_signature]", "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], - "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature"] + "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"], + "commons-codec:commons-codec@1.17.1": ["source_code_sha"], + "commons-io:commons-io@2.18.0": ["source_code_sha"], + "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"], + "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"], + "commons-codec:commons-codec@1.18.0": ["source_code_sha"], + "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"], + "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"], + "com.google.guava:guava@33.4.0-jre": ["source_code_sha"], + "commons-cli:commons-cli@1.8.0": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"], + "io.github.crac:org-crac@0.1.3": ["source_code_sha"], + "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"], + "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"], + "org.jdom:jdom2@2.0.6.1": ["source_code_sha"], + "jakarta.el:jakarta.el-api@5.0.1": "[source_code_sha]", + "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"], + "org.apache.commons:commons-collections4@4.4": ["source_code_sha"], + "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"], + 
"org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"], + "commons-io:commons-io@2.16.1": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"], + "commons-io:commons-io@2.14.0": ["source_code_sha"], + "commons-io:commons-io@2.11.0": ["source_code_sha"], + "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"], + "commons-codec:commons-codec@1.16.1": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"], + "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"], + "io.vertx:vertx-uri-template@4.5.13": "[source_code_sha]", + "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"], + "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], + "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"] }, "ignore-if-parent": { "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"], @@ -31,3 +64,4 @@ + From 13a6faa656f04da252807605f0d7751d461ec1f8 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 3 Apr 2025 12:35:08 +0200 Subject: [PATCH 21/41] Formatting error --- dirty-waters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dirty-waters.json b/dirty-waters.json index 0ae6a63dd..d8f5553ae 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -17,7 +17,7 @@ "aopalliance:aopalliance@1.0": ["code_signature"], "org.aesh:readline@2.6": ["code_signature"], "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"], - "org.wildfly.common:wildfly-common@2.0.1": "[code_signature]", + "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"], "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"], From d5960f085ecf3b859b90f3149f2adc00a6043793 Mon Sep 17 00:00:00 2001 
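Review bot: [PATCH 20/41] adds more than thirty version-pinned `source_code_sha` exemptions in one commit, among them four `commons-io` versions and three `commons-codec` versions, with nothing recording why each is acceptable or when it can be dropped. Entries for versions that later leave the dependency tree will stay behind silently, and the list only grows. I would limit the list to versions the build actually resolves and state the reason per batch in the commit message (here only "missing tags"), so that a later reader can tell a known upstream gap from a suppressed finding.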
From: Elias Lundell Date: Thu, 3 Apr 2025 12:39:05 +0200 Subject: [PATCH 22/41] JSON formatting errors --- dirty-waters.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index d8f5553ae..6ccc6c27a 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -37,7 +37,7 @@ "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"], "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"], "org.jdom:jdom2@2.0.6.1": ["source_code_sha"], - "jakarta.el:jakarta.el-api@5.0.1": "[source_code_sha]", + "jakarta.el:jakarta.el-api@5.0.1": ["source_code_sha"], "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"], "org.apache.commons:commons-collections4@4.4": ["source_code_sha"], "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"], @@ -50,7 +50,7 @@ "commons-codec:commons-codec@1.16.1": ["source_code_sha"], "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"], "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"], - "io.vertx:vertx-uri-template@4.5.13": "[source_code_sha]", + "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"], "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"], "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"] From 0b41cf4c10e825c24f6b8da060643630d361a28d Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sat, 5 Apr 2025 02:47:02 +0200 Subject: [PATCH 23/41] Pin actions to sha's --- .github/workflows/code-qualitiy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index de56f7c54..9d2d8eca3 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml 
@@ -105,16 +105,16 @@ jobs: permissions: pull-requests: write # To comment on a Pull Request steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Setup JDK17 - uses: actions/setup-java@v4 + uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 with: - distribution: 'temurin' java-version: '17' + distribution: 'temurin' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.42 + uses: chains-project/dirty-waters-action@c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From fcd7eb9548b28b1e4d7c701b928c94550af36b88 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sat, 5 Apr 2025 02:48:32 +0200 Subject: [PATCH 24/41] Add harden runner with audit --- .github/workflows/code-qualitiy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 9d2d8eca3..2de19d7bb 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -105,6 +105,12 @@ jobs: permissions: pull-requests: write # To comment on a Pull Request steps: + - name: Harden Runner + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true From bd2c1eb99cd5ff3c9184fae257b6b8980f603b04 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sat, 5 Apr 2025 02:51:34 +0200 Subject: [PATCH 25/41] Enable sudo --- .github/workflows/code-qualitiy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 2de19d7bb..dba97ab06 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml 
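Review bot: `egress-policy: audit` in [PATCH 24/41] only records outbound connections; it does not stop a step from reaching an unexpected host. That is a reasonable way to collect a baseline, but the hunk leaves no marker that the setting is provisional. I would add a comment such as `# audit until the endpoint baseline is known, then switch to block`, and follow up with `egress-policy: block` plus an `allowed-endpoints` list once the runs have shown which hosts Maven and the analysis need.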
@@ -108,7 +108,6 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: - disable-sudo: true egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 From ce9ddec66854ef71c78664e6ad63927c55dda668 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sat, 5 Apr 2025 05:54:44 +0200 Subject: [PATCH 26/41] use tag to test if sha breaks config --- .github/workflows/code-qualitiy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index dba97ab06..19d6ed212 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -119,7 +119,8 @@ jobs: java-version: '17' distribution: 'temurin' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 + # uses: chains-project/dirty-waters-action@c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 + uses: chains-project/dirty-waters-action@v1.11.42 # c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 7d81f2d8b4053b502ed5db818d3d86c38cab7b12 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sat, 5 Apr 2025 16:04:37 +0200 Subject: [PATCH 27/41] Add commit to have comment removed in prev commit From ecaae14e939e5e973a32d9b332680de9ef19b126 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sun, 6 Apr 2025 01:11:09 +0200 Subject: [PATCH 28/41] Add sigstore dep to code signature ignore list --- dirty-waters.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dirty-waters.json b/dirty-waters.json index 6ccc6c27a..39fec7671 100644 --- a/dirty-waters.json +++ b/dirty-waters.json 
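Review bot: [PATCH 26/41] moves `chains-project/dirty-waters-action` from the commit pin back to the mutable tag `v1.11.42` and keeps the pinned line as a comment, which undoes the pinning from [PATCH 23/41] for the one third-party step that receives `github_token`. The subject marks this as an experiment ("use tag to test if sha breaks config"), so it should not reach the default branch in this state. Once the test is done, restore `uses: chains-project/dirty-waters-action@c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42` and delete the commented duplicate. The trailing comment on the tag line is also misleading, because nothing enforces that the tag resolves to the commit it names.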
@@ -53,7 +53,8 @@ "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"], "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"], "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], - "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"] + "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"], + "om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"] }, "ignore-if-parent": { "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"], From 8262d653ed141da959bb2c82077516e230dcbb2f Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Sun, 6 Apr 2025 01:12:25 +0200 Subject: [PATCH 29/41] Remove empty lines at bottom of file --- dirty-waters.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index 39fec7671..c8f681061 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -62,7 +62,3 @@ "org.apache.maven.plugins:maven-site-plugin@3.21.0": ["source_code_sha"] } } - - - - From ef146490cfde0cece797675bfa45ba60be29d4c2 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 16 Apr 2025 12:58:35 +0200 Subject: [PATCH 30/41] Update to 1.11.43 --- .github/workflows/code-qualitiy.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 19d6ed212..a3d932ab9 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -119,8 +119,7 @@ jobs: java-version: '17' distribution: 'temurin' - name: Dirty Waters Analysis - # uses: chains-project/dirty-waters-action@c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 - uses: chains-project/dirty-waters-action@v1.11.42 # c66f3ec3a34924dcad7717e316223dd17cdf5a57 # v1.11.42 + uses: chains-project/dirty-waters-action@66ab87b64de0909a21b0c8274d812d4f52f15d2b # v1.11.43 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven 
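Review bot: The key added in [PATCH 28/41], `om.kohlschutter.junixsocket:junixsocket-core@2.10.1`, looks like it lost its first letter; the artifact's group id is `com.kohlschutter.junixsocket`. As written the entry most likely matches nothing, so the `code_signature` finding it was meant to exempt remains and a stray key sits in the list. Suggested line: `"com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"]`. The subject calls this a "sigstore dep"; naming the actual artifact there would make the exemption easier to audit.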
From 30a0ca0ce262784e495792cbb6fef7d77a81ec88 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Mon, 5 May 2025 16:06:22 +0200 Subject: [PATCH 31/41] Bump dirty-waters-action to 1.11.45, using dirty-waters 0.97.0 --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index a3d932ab9..69d9e8257 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -119,7 +119,7 @@ jobs: java-version: '17' distribution: 'temurin' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@66ab87b64de0909a21b0c8274d812d4f52f15d2b # v1.11.43 + uses: chains-project/dirty-waters-action@57e2b7be964e687bdab629460efb274053fe3b28 # v1.11.45 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven From 5d19f0e2d6098ec5cc4540f2d76f3586486c5d6a Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 7 May 2025 11:28:25 +0200 Subject: [PATCH 32/41] Sort alphabetically --- dirty-waters.json | 88 +++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/dirty-waters.json b/dirty-waters.json index c8f681061..056689f65 100644 --- a/dirty-waters.json +++ b/dirty-waters.json 
@@ -1,60 +1,60 @@ { "ignore": { - "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"], - "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"], - "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"], - "dom4j:dom4j@1.1": ["source_code", "code_signature"], - "oro:oro@2.0.8": ["source_code", "code_signature"], - "org.iq80.snappy:snappy@0.4": ["source_code"], - "javax.inject:javax.inject@1": ["code_signature"], + "aopalliance:aopalliance@1.0": ["code_signature"], "com.google.collections:google-collections@1.0": ["code_signature"], - "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"], - "commons-digester:commons-digester@1.8": ["code_signature"], + "com.google.guava:guava@33.4.0-jre": ["source_code_sha"], + "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"], "commons-chain:commons-chain@1.1": ["code_signature"], - "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"], - "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"], - "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"], - "aopalliance:aopalliance@1.0": ["code_signature"], - "org.aesh:readline@2.6": ["code_signature"], - "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"], - "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"], - "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], - "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], - "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"], + "commons-cli:commons-cli@1.8.0": ["source_code_sha"], + "commons-codec:commons-codec@1.16.1": ["source_code_sha"], "commons-codec:commons-codec@1.17.1": ["source_code_sha"], - "commons-io:commons-io@2.18.0": ["source_code_sha"], - "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"], - "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"], 
"commons-codec:commons-codec@1.18.0": ["source_code_sha"], - "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"], - "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"], - "com.google.guava:guava@33.4.0-jre": ["source_code_sha"], - "commons-cli:commons-cli@1.8.0": ["source_code_sha"], - "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"], + "commons-digester:commons-digester@1.8": ["code_signature"], + "commons-io:commons-io@2.11.0": ["source_code_sha"], + "commons-io:commons-io@2.14.0": ["source_code_sha"], + "commons-io:commons-io@2.16.1": ["source_code_sha"], + "commons-io:commons-io@2.18.0": ["source_code_sha"], + "dom4j:dom4j@1.1": ["source_code", "code_signature"], "io.github.crac:org-crac@0.1.3": ["source_code_sha"], - "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"], - "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"], - "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"], - "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"], - "org.jdom:jdom2@2.0.6.1": ["source_code_sha"], + "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], + "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"], + "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"], + "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"], "jakarta.el:jakarta.el-api@5.0.1": ["source_code_sha"], "jakarta.interceptor:jakarta.interceptor-api@2.2.0": ["source_code_sha"], - "org.apache.commons:commons-collections4@4.4": ["source_code_sha"], "jakarta.json:jakarta.json-api@2.1.3": ["source_code_sha"], - "org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"], - "commons-io:commons-io@2.16.1": ["source_code_sha"], - "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"], - "commons-io:commons-io@2.14.0": ["source_code_sha"], - "commons-io:commons-io@2.11.0": ["source_code_sha"], + "javax.inject:javax.inject@1": ["code_signature"], + 
"om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"], + "org.aesh:aesh@2.8.2": ["code_signature", "source_code_sha"], + "org.aesh:readline@2.6": ["code_signature"], + "org.apache.commons:commons-collections4@4.4": ["source_code_sha"], "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"], - "commons-codec:commons-codec@1.16.1": ["source_code_sha"], + "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"], "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"], - "io.vertx:vertx-web-client@4.5.13": ["source_code_sha"], - "io.vertx:vertx-uri-template@4.5.13": ["source_code_sha"], - "io.vertx:vertx-web-common@4.5.13": ["source_code_sha"], - "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"], + "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"], + "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"], + "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"], + "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"], + "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"], + "org.iq80.snappy:snappy@0.4": ["source_code"], + "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"], + "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], + "org.jboss.logging:jboss-logging@3.6.1.Final": ["code_signature"], + "org.jboss.logmanager:jboss-logmanager@3.1.2.Final": ["code_signature"], "org.jboss.marshalling:jboss-marshalling@2.2.2.Final": ["source_code_sha"], - "om.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"] + "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"], + "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], + "org.jdom:jdom2@2.0.6.1": ["source_code_sha"], + 
"org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"], + "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"], + "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"], + "org.twdata.maven:mojo-executor@2.4.0": ["source_code_sha"], + "org.wildfly.common:wildfly-common@2.0.1": ["code_signature"], + "oro:oro@2.0.8": ["source_code", "code_signature"] }, "ignore-if-parent": { "com.diffplug.spotless:spotless-maven-plugin@2.44.3": ["source_code_sha"], From 587f514894e7c04a48476621fa4d4a85a72bad00 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 28 May 2025 01:21:10 +0200 Subject: [PATCH 33/41] Add ignore of missing code signature --- dirty-waters.json | 1 + 1 file changed, 1 insertion(+) diff --git a/dirty-waters.json b/dirty-waters.json index 056689f65..379a13c5d 100644 --- a/dirty-waters.json +++ b/dirty-waters.json @@ -3,6 +3,7 @@ "aopalliance:aopalliance@1.0": ["code_signature"], "com.google.collections:google-collections@1.0": ["code_signature"], "com.google.guava:guava@33.4.0-jre": ["source_code_sha"], + "com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"], "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"], "commons-chain:commons-chain@1.1": ["code_signature"], "commons-cli:commons-cli@1.8.0": ["source_code_sha"], From 8f38bccde6ec3ccd85c64af38783542512a30f74 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Fri, 6 Jun 2025 00:33:29 +0200 Subject: [PATCH 34/41] Add ghasum, update dirty-waters action --- .github/workflows/code-qualitiy.yml | 11 ++++++++--- .github/workflows/gha.sum | 10 +++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 69d9e8257..65e155aec 100644 --- a/.github/workflows/code-qualitiy.yml 
+++ b/.github/workflows/code-qualitiy.yml @@ -106,20 +106,25 @@ jobs: pull-requests: write # To comment on a Pull Request steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true + + - name: Verify action checksums + uses: ./.github/actions/ghasum + - name: Setup JDK17 - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + uses: actions/setup-java@v4.7.1 with: java-version: '17' distribution: 'temurin' + - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@57e2b7be964e687bdab629460efb274053fe3b28 # v1.11.45 + uses: chains-project/dirty-waters-action@v1.11.48 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index ae00b7543..4cf95b33b 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum 
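Review bot: The `Setup JDK17` and `Dirty Waters Analysis` steps move from full commit SHAs to the mutable tags `actions/setup-java@v4.7.1` and `chains-project/dirty-waters-action@v1.11.48`, in a job that holds `pull-requests: write` and passes `GITHUB_TOKEN` to the third-party action. The new `Verify action checksums` step presumably compares the referenced actions against `gha.sum`, but as far as this hunk shows the runner still resolves each `uses:` ref itself. A moved tag would therefore at best be detected, not prevented. Keeping the SHA form, e.g. `uses: chains-project/dirty-waters-action@<commit-sha> # v1.11.48`, makes the ref immutable and leaves the checksum as a second check. The job's `steps:` list begins outside the hunk.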
@@ -5,10 +5,14 @@ actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 aYx2ZNrV/U9daVa5XJLnuR actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 Gd1O6ZG0JtkpyKVsxOwIuNtshdlcYheIADUYdNOIOjo= actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok= actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI= -actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= +actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= +actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= -github/codeql-action@96f518a34f7a870018057716cc4d7a5c014bd61c h0CGAC50uRuMQV8hj6pLuc5zMsaXvXYE/35vEhbnEbs= -jreleaser/release-action@f69e545b05f149483cecb2fb81866247992694b8 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= +actions/upload-artifact@v4.6.2 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= +github/codeql-action@d6bbdef45e766d081b84a2def353b0055f728d3e a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= +github/codeql-action@v3.29.3 a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= +chains-project/dirty-waters-action@v1.11.48 BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw= +jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog= stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 rG/FhhPP4VlsNB/2lKudn7rieQAYYNLIRb34q19qmFU= From 417e9820b0761ac7987cfbe0d46d8e5ab2159712 Mon Sep 17 00:00:00 2001 
From: Elias Lundell Date: Tue, 29 Jul 2025 18:50:56 +0200 Subject: [PATCH 35/41] Add new missing code shas to config ignore --- dirty-waters.json | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/dirty-waters.json b/dirty-waters.json index 379a13c5d..cb871eb76 100644 --- a/dirty-waters.json +++ b/dirty-waters.json 
@@ -1,20 +1,42 @@ { "ignore": { "aopalliance:aopalliance@1.0": ["code_signature"], + "com.diffplug.durian:durian-collect@1.2.0": ["source_code_sha"], + "com.diffplug.durian:durian-core@1.2.0": ["source_code_sha"], + "com.diffplug.durian:durian-io@1.2.0": ["source_code_sha"], + "com.diffplug.spotless:spotless-lib-extra@3.1.2": ["source_code_sha"], + "com.diffplug.spotless:spotless-lib@3.1.2": ["source_code_sha"], + "com.diffplug.spotless:spotless-maven-plugin@2.44.5": ["source_code_sha"], + "com.google.code.gson:gson@2.12.1": ["source_code_sha"], + "com.google.code.gson:gson@2.13.1": ["source_code_sha"], "com.google.collections:google-collections@1.0": ["code_signature"], + "com.google.guava:guava@32.0.1-jre": ["source_code_sha"], + "com.google.guava:guava@33.2.1-jre": ["source_code_sha"], "com.google.guava:guava@33.4.0-jre": ["source_code_sha"], + "com.google.guava:guava@33.4.8-jre": ["source_code_sha"], + "com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava": ["source_code_sha"], + "com.google.protobuf:protobuf-java-util@4.29.3": ["source_code_sha"], + "com.google.protobuf:protobuf-java@4.29.3": ["source_code_sha"], "com.kohlschutter.junixsocket:junixsocket-core@2.10.1": ["code_signature"], + "com.soebes.itf.jupiter.extension:itf-assertj@0.13.1": ["source_code_sha"], + "com.soebes.itf.jupiter.extension:itf-extension-maven@0.13.1": ["source_code_sha"], + "com.soebes.itf.jupiter.extension:itf-jupiter-extension@0.13.1": ["source_code_sha"], + "com.soebes.itf.jupiter.extension:itf-maven-plugin@0.13.1": ["source_code_sha"], "commons-beanutils:commons-beanutils@1.7.0": ["source_code", "code_signature"], "commons-chain:commons-chain@1.1": ["code_signature"], "commons-cli:commons-cli@1.8.0": ["source_code_sha"], "commons-codec:commons-codec@1.16.1": ["source_code_sha"], + "commons-codec:commons-codec@1.17.0": ["source_code_sha"], "commons-codec:commons-codec@1.17.1": ["source_code_sha"], + "commons-codec:commons-codec@1.17.2": ["source_code_sha"], 
"commons-codec:commons-codec@1.18.0": ["source_code_sha"], "commons-digester:commons-digester@1.8": ["code_signature"], "commons-io:commons-io@2.11.0": ["source_code_sha"], "commons-io:commons-io@2.14.0": ["source_code_sha"], "commons-io:commons-io@2.16.1": ["source_code_sha"], "commons-io:commons-io@2.18.0": ["source_code_sha"], + "commons-io:commons-io@2.19.0": ["source_code_sha"], + "dev.equo.ide:solstice@1.8.1": ["source_code_sha"], "dom4j:dom4j@1.1": ["source_code", "code_signature"], "io.github.crac:org-crac@0.1.3": ["source_code_sha"], "io.vertx:vertx-auth-common@4.5.13": ["source_code_sha"], 
@@ -30,15 +52,48 @@ "org.aesh:readline@2.6": ["code_signature"], "org.apache.commons:commons-collections4@4.4": ["source_code_sha"], "org.apache.commons:commons-compress@1.26.1": ["source_code_sha"], + "org.apache.commons:commons-compress@1.26.2": ["source_code_sha"], "org.apache.commons:commons-compress@1.27.1": ["source_code_sha"], "org.apache.commons:commons-lang3@3.12.0": ["source_code_sha"], "org.apache.commons:commons-lang3@3.14.0": ["source_code_sha"], "org.apache.commons:commons-lang3@3.17.0": ["source_code_sha"], + "org.apache.commons:commons-lang3@3.8.1": ["source_code_sha"], + "org.apache.commons:commons-text@1.12.0": ["source_code_sha"], + "org.apache.httpcomponents:httpclient@4.5.13": ["source_code_sha"], "org.apache.httpcomponents:httpclient@4.5.14": ["source_code_sha"], + "org.apache.httpcomponents:httpcore@4.4.14": ["source_code_sha"], "org.apache.httpcomponents:httpcore@4.4.16": ["source_code_sha"], + "org.apache.logging.log4j:log4j-api@2.24.3": ["source_code_sha"], + "org.apache.logging.log4j:log4j-core@2.24.3": ["source_code_sha"], + "org.apache.maven.doxia:doxia-decoration-model@1.11.1": ["source_code_sha"], + "org.apache.maven.doxia:doxia-integration-tools@2.0.0": ["source_code_sha"], + "org.apache.maven.doxia:doxia-site-model@2.0.0": ["source_code_sha"], + "org.apache.maven.doxia:doxia-site-renderer@1.11.1": ["source_code_sha"], + "org.apache.maven.doxia:doxia-site-renderer@2.0.0": ["source_code_sha"], + "org.apache.maven.doxia:doxia-skin-model@1.11.1": ["source_code_sha"], + "org.apache.maven.doxia:doxia-skin-model@2.0.0": ["source_code_sha"], + "org.assertj:assertj-core@3.24.2": ["source_code_sha"], + "org.bouncycastle:bcpg-jdk18on@1.78.1": ["source_code_sha"], + "org.bouncycastle:bcpkix-jdk18on@1.80": ["source_code_sha"], + "org.bouncycastle:bcprov-jdk18on@1.80": ["source_code_sha"], + "org.bouncycastle:bcutil-jdk18on@1.80": ["source_code_sha"], "org.codehaus.plexus:plexus-i18n@1.0-beta-10": ["code_signature"], + 
"org.eclipse.jetty:jetty-http@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-io@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-security@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-server@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-servlet@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-util-ajax@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-util@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-webapp@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.jetty:jetty-xml@9.4.56.v20240826": ["source_code_sha"], + "org.eclipse.platform:org.eclipse.osgi@3.23.0": ["source_code_sha"], + "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M2": ["source_code_sha"], "org.eclipse.sisu:org.eclipse.sisu.inject@0.9.0.M3": ["source_code_sha"], + "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M2": ["source_code_sha"], "org.eclipse.sisu:org.eclipse.sisu.plexus@0.9.0.M3": ["source_code_sha"], + "org.instancio:instancio-core@5.4.1": ["source_code_sha"], + "org.instancio:instancio-junit@5.4.1": ["source_code_sha"], "org.iq80.snappy:snappy@0.4": ["source_code"], "org.jboss.logging:commons-logging-jboss-logging@1.0.0.Final": ["code_signature"], "org.jboss.logging:jboss-logging-annotations@3.0.4.Final": ["code_signature"], 
@@ -48,8 +103,11 @@ "org.jboss.slf4j:slf4j-jboss-logmanager@2.0.0.Final": ["code_signature", "source_code_sha"], "org.jboss.threads:jboss-threads@3.8.0.Final": ["code_signature"], "org.jdom:jdom2@2.0.6.1": ["source_code_sha"], + "org.jetbrains:annotations@13.0": ["source_code_sha"], "org.junit.platform:junit-platform-commons@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-commons@1.13.0": ["source_code_sha"], "org.junit.platform:junit-platform-engine@1.10.5": ["source_code_sha"], + "org.junit.platform:junit-platform-engine@1.13.0": ["source_code_sha"], "org.junit.platform:junit-platform-launcher@1.10.5": ["source_code_sha"], "org.sonatype.plexus:plexus-cipher@1.4": ["source_code"], "org.sonatype.plexus:plexus-sec-dispatcher@1.3": ["source_code"], From 579ce63eefa87c97c94079c8f23d84e93bb923b0 Mon Sep 17 00:00:00 2001 From: LogFlames <36220731+LogFlames@users.noreply.github.com> Date: Tue, 29 Jul 2025 16:53:11 +0000 Subject: [PATCH 36/41] chore: update ghasum checksums --- .github/workflows/gha.sum | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 4cf95b33b..915fb2d93 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum 
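Review bot: The three `dirty-waters.json` hunks of this commit (`@@ -1,20 +1,42 @@`, `@@ -30,15 +52,48 @@` and this one) add `source_code_sha` exceptions with no recorded reason. The second hunk includes security-critical libraries such as `org.bouncycastle:bcprov-jdk18on@1.80` and `org.apache.logging.log4j:log4j-core@2.24.3`. JSON leaves no room for a comment, so the justification for each group of entries (what was checked and why the finding is accepted) belongs in the commit message or a companion document next to the config. Because every key pins an exact version, the list may also keep entries the build no longer resolves, e.g. four `com.google.guava:guava` versions after this commit. Pruning keys that no longer match would keep the exception list reviewable.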
@@ -9,10 +9,11 @@ actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= actions/upload-artifact@v4.6.2 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= +chains-project/dirty-waters-action@v1.11.48 BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw= github/codeql-action@d6bbdef45e766d081b84a2def353b0055f728d3e a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= github/codeql-action@v3.29.3 a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= -chains-project/dirty-waters-action@v1.11.48 BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw= jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog= -stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= +stefanzweifel/git-auto-commit-action@v6.0.1 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= +step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 nNlOSHE3ozt23Wu9iovaeOgHnTwwx/tIwccWM/cHJmI= step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 rG/FhhPP4VlsNB/2lKudn7rieQAYYNLIRb34q19qmFU= From a910020a0e5b06daba14977132c7a56770d6ed9b Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Tue, 29 Jul 2025 18:54:18 +0200 Subject: [PATCH 37/41] Update harden runner --- .github/workflows/code-qualitiy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 65e155aec..3f3f7188e 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml 
@@ -106,7 +106,7 @@ jobs: pull-requests: write # To comment on a Pull Request steps: - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit From 4ac23da393def13b15c300d564e856be2e8e84b0 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Tue, 29 Jul 2025 18:55:21 +0200 Subject: [PATCH 38/41] update gha.sum --- .github/workflows/gha.sum | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 915fb2d93..9b42760d1 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum @@ -15,5 +15,4 @@ github/codeql-action@v3.29.3 a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog= stefanzweifel/git-auto-commit-action@v6.0.1 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= -step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 nNlOSHE3ozt23Wu9iovaeOgHnTwwx/tIwccWM/cHJmI= step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 rG/FhhPP4VlsNB/2lKudn7rieQAYYNLIRb34q19qmFU= From e6434d0818f137427515770bb2ef5d541066d4b8 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 31 Jul 2025 15:15:07 +0200 Subject: [PATCH 39/41] Update dirty waters action to 1.11.52 --- .github/workflows/code-qualitiy.yml | 2 +- .github/workflows/gha.sum | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 3f3f7188e..01e9c1bd9 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml 
@@ -124,7 +124,7 @@ jobs: distribution: 'temurin' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.48 + uses: chains-project/dirty-waters-action@v1.11.52 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 9b42760d1..13c358740 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum @@ -9,7 +9,7 @@ actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= actions/upload-artifact@v4.6.2 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= -chains-project/dirty-waters-action@v1.11.48 BlbW87cG7BWyVwIVCVZ404lqjY7rTn4kW8qvMsJMUTw= +chains-project/dirty-waters-action@v1.11.52 JTXn8ep3K5YnkSpNVyVVe85RAxg2eQ2X+TKP5A6JgyA= github/codeql-action@d6bbdef45e766d081b84a2def353b0055f728d3e a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= github/codeql-action@v3.29.3 a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= From 801afa01bebc945fd57c7e4cc137c43b543bfa2a Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 20 Aug 2025 13:55:48 +0200 Subject: [PATCH 40/41] Update gha.sum --- .github/workflows/gha.sum | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 13c358740..c3681bc4b 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum 
@@ -1,18 +1,19 @@ version 1 actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 Wn6UGuh8/0fkcOLI8uEQmhssKaMEfnm77brXOpwKe7A= +actions/cache@v4.2.3 A/Paejdu47oer1Zf9zbtOgbMTG3OmOiXsgB6oodFIOU= actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 aYx2ZNrV/U9daVa5XJLnuR3depD7lQqzkyRhH4E9bOU= +actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 g2V9DAwkHBbZHaTOx4M2g/r9wI49KupzyARL47t/rEQ= actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 Gd1O6ZG0JtkpyKVsxOwIuNtshdlcYheIADUYdNOIOjo= actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok= actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI= +actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= -actions/upload-artifact@v4.6.2 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= chains-project/dirty-waters-action@v1.11.52 JTXn8ep3K5YnkSpNVyVVe85RAxg2eQ2X+TKP5A6JgyA= -github/codeql-action@d6bbdef45e766d081b84a2def353b0055f728d3e a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= -github/codeql-action@v3.29.3 a64qKQusITtfuxl3BMjHFBq/jN7uTJqDLVTWW80ij+s= -jreleaser/release-action@2.4.2 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= +github/codeql-action@96f518a34f7a870018057716cc4d7a5c014bd61c h0CGAC50uRuMQV8hj6pLuc5zMsaXvXYE/35vEhbnEbs= +jreleaser/release-action@f69e545b05f149483cecb2fb81866247992694b8 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog= -stefanzweifel/git-auto-commit-action@v6.0.1 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= 
+stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 5+Y5J+dG+VvtR13IIYuBHcAdJAcnDBQU/U0sRO3YZZw= step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 rG/FhhPP4VlsNB/2lKudn7rieQAYYNLIRb34q19qmFU= From a4bf2b107a3607d658044290bae197e9d8c97231 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 20 Aug 2025 14:01:22 +0200 Subject: [PATCH 41/41] Pin actions --- .github/workflows/code-qualitiy.yml | 4 ++-- .github/workflows/gha.sum | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 01e9c1bd9..1588229c1 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -118,13 +118,13 @@ jobs: uses: ./.github/actions/ghasum - name: Setup JDK17 - uses: actions/setup-java@v4.7.1 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: '17' distribution: 'temurin' - name: Dirty Waters Analysis - uses: chains-project/dirty-waters-action@v1.11.52 + uses: chains-project/dirty-waters-action@30bc4ef96e9c59f85efb05affc2992353d65870b # v1.11.52 with: github_token: ${{ secrets.GITHUB_TOKEN }} package_manager: maven diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index c3681bc4b..746aaee9d 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum 
@@ -8,10 +8,9 @@ actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 Gd1O6Z actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 vSiNC7HetrtPF3QhZDzPHWyJ1e8pFltzruLjcw65Sok= actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA1OGC3jxGBnmx7eTIdEzwSoI= actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= -actions/setup-java@v4.7.1 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-python@v5.6.0 MTHBGEHwb+MeIw3xRLiVuM/uyRfuK8hlVXL+Z/yEA8c= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= -chains-project/dirty-waters-action@v1.11.52 JTXn8ep3K5YnkSpNVyVVe85RAxg2eQ2X+TKP5A6JgyA= +chains-project/dirty-waters-action@30bc4ef96e9c59f85efb05affc2992353d65870b JTXn8ep3K5YnkSpNVyVVe85RAxg2eQ2X+TKP5A6JgyA= github/codeql-action@96f518a34f7a870018057716cc4d7a5c014bd61c h0CGAC50uRuMQV8hj6pLuc5zMsaXvXYE/35vEhbnEbs= jreleaser/release-action@f69e545b05f149483cecb2fb81866247992694b8 Ixc/05XDYYHGUvtC6Jt9gB/mpHPIwBX7PR8At1yEWSs= ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde NlVzVIaycy3fhYp7tgiwvpWvzSsPa48uTVejF6tHEog=