Merge branch 'release/1.2.3'

Author: infeo

.github/dependabot.yml

@@ -0,0 +1,38 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Etc/UTC"
+    groups:
+      java-test-dependencies:
+        patterns:
+          - "org.junit.jupiter:*"
+          - "org.mockito:*"
+      maven-build-plugins:
+        patterns:
+          - "org.apache.maven.plugins:*"
+          - "org.owasp:dependency-check-maven"
+          - "org.sonatype.plugins:nexus-staging-maven-plugin"
+          - "org.codehaus.mojo:exec-maven-plugin"
+      java-production-dependencies:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "org.junit.jupiter:*"
+          - "org.mockito:*"
+          - "org.apache.maven.plugins:*"
+          - "org.owasp:dependency-check-maven"
+          - "org.sonatype.plugins:nexus-staging-maven-plugin"
+          - "org.codehaus.mojo:exec-maven-plugin"
+  - package-ecosystem: "github-actions"
+    directory: "/" # even for `.github/workflows`
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/build.yml

@@ -7,8 +7,8 @@ jobs:
     runs-on: macos-latest
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-java@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: 17
@@ -17,11 +17,11 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         shell: bash
         run: |
-          mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+          mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
         id: buildAndTest
-        run: mvn -B clean install -Pdependency-check
-      - uses: actions/upload-artifact@v3
+        run: mvn -B clean install
+      - uses: actions/upload-artifact@v4
         with:
           name: artifacts
           path: target/*.jar

.github/workflows/codeql-analysis.yml

@@ -13,21 +13,22 @@ jobs:
   analyse:
     name: Analyse
     runs-on: macos-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    # dependeabot has on push events only read-only access, but codeql requires write access
+    if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 2
-    - uses: actions/setup-java@v3
+    - uses: actions/setup-java@v4
       with:
         distribution: 'temurin'
         java-version: 17
         cache: 'maven'
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: java
     - name: Build
       run: mvn -B compile
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependency-check.yml

@@ -0,0 +1,63 @@
+name: OWASP Maven Dependency Check
+on:
+  schedule:
+    - cron: '0 14 * * 0'
+  push:
+    branches:
+      - 'release/**'
+  workflow_dispatch:
+
+
+jobs:
+  check-dependencies:
+    name: Check dependencies
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
+      - name: Cache NVD DB
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository/org/owasp/dependency-check-data/
+          key: dependency-check-${{ github.run_id }}
+          restore-keys: |
+            dependency-check
+        env:
+          SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
+      - name: Run org.owasp:dependency-check plugin
+        id: dependency-check
+        continue-on-error: true
+        run: mvn -B validate -Pdependency-check
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+      - name: Upload report on failure
+        if: steps.dependency-check.outcome == 'failure'
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-check-report
+          path: target/dependency-check-report.html
+          if-no-files-found: error
+      - name: Slack Notification on regular check
+        if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_USERNAME: 'Cryptobot'
+          SLACK_ICON: false
+          SLACK_ICON_EMOJI: ':bot:'
+          SLACK_CHANNEL: 'cryptomator-desktop'
+          SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+          SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
+          SLACK_FOOTER: false
+          MSG_MINIMAL: true
+      - name: Failing workflow on release branch
+        if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+        shell: bash
+        run: exit 1

.github/workflows/publish-central.yml

@@ -10,10 +10,10 @@ jobs:
   publish:
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: "refs/tags/${{ github.event.inputs.tag }}"
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: 17

.github/workflows/publish-github.yml

@@ -7,8 +7,8 @@ jobs:
     runs-on: macos-latest
     if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-java@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: 17

.idea/misc.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>integrations-mac</artifactId>
-	<version>1.2.2</version>
+	<version>1.2.3</version>
 
 	<name>Cryptomator Integrations for macOS</name>
 	<description>Provides optional macOS services used by Cryptomator</description>
@@ -30,16 +30,16 @@
 		<project.jdk.version>17</project.jdk.version>
 
 		<!-- runtime dependencies -->
-		<api.version>1.2.0</api.version>
-		<slf4j.version>1.7.36</slf4j.version>
+		<api.version>1.3.0</api.version>
+		<slf4j.version>2.0.11</slf4j.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.8.2</junit.jupiter.version>
-		<mockito.version>4.4.0</mockito.version>
+		<junit.jupiter.version>5.10.1</junit.jupiter.version>
+		<mockito.version>5.10.0</mockito.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>8.1.0</dependency-check.version>
-		<nexus-staging.version>1.6.8</nexus-staging.version>
+		<dependency-check.version>9.0.9</dependency-check.version>
+		<nexus-staging.version>1.6.13</nexus-staging.version>
 	</properties>
 
 	<licenses>
@@ -88,7 +88,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-clean-plugin</artifactId>
-				<version>3.1.0</version>
+				<version>3.3.2</version>
 				<configuration>
 					<filesets>
 						<fileset>
@@ -104,7 +104,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.10.1</version>
+				<version>3.12.1</version>
 				<configuration>
 					<compilerArgs>
 						<arg>-h</arg>
@@ -116,7 +116,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-enforcer-plugin</artifactId>
-				<version>3.0.0</version>
+				<version>3.4.1</version>
 				<executions>
 					<execution>
 						<id>check-preconditions</id>
@@ -145,7 +145,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>exec-maven-plugin</artifactId>
-				<version>3.0.0</version>
+				<version>3.1.1</version>
 				<executions>
 					<execution>
 						<goals>
@@ -175,7 +175,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-resources-plugin</artifactId>
-				<version>3.2.0</version>
+				<version>3.3.1</version>
 				<executions>
 					<execution>
 						<goals>
@@ -199,11 +199,11 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.0.0-M5</version>
+				<version>3.2.5</version>
 			</plugin>
 			<plugin>
 				<artifactId>maven-source-plugin</artifactId>
-				<version>3.2.1</version>
+				<version>3.3.0</version>
 				<executions>
 					<execution>
 						<id>attach-sources</id>
@@ -215,7 +215,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.3.2</version>
+				<version>3.6.3</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -281,18 +281,19 @@
 						<artifactId>dependency-check-maven</artifactId>
 						<version>${dependency-check.version}</version>
 						<configuration>
-							<cveValidForHours>24</cveValidForHours>
+							<nvdValidForHours>24</nvdValidForHours>
 							<failBuildOnCVSS>0</failBuildOnCVSS>
 							<skipTestScope>true</skipTestScope>
-							<cveStartYear>2019</cveStartYear>
 							<detail>true</detail>
 							<suppressionFile>suppression.xml</suppressionFile>
+							<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
 						</configuration>
 						<executions>
 							<execution>
 								<goals>
 									<goal>check</goal>
 								</goals>
+								<phase>validate</phase>
 							</execution>
 						</executions>
 					</plugin>
@@ -306,7 +307,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.0.1</version>
+						<version>3.1.0</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -367,7 +368,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-deploy-plugin</artifactId>
-						<version>3.1.0</version>
+						<version>3.1.1</version>
 					</plugin>
 				</plugins>
 			</build>

.idea/modules.xml

@@ -0,0 +1 @@
+org.cryptomator.macos.keychain.displayName=macOS асҡыс сынйыры (Keychain)