From 8a53ecdfc777055db9d864e37b25b6f2b068f993 Mon Sep 17 00:00:00 2001
From: Simon Schulte
Date: Fri, 21 Nov 2025 08:31:30 +0100
Subject: [PATCH] upgrade vulnerable dependency
---
 .github/workflows/test.yml | 164 ++++++++++++++++++-------------------
 build.gradle | 4 +-
 build.sbt | 4 +-
 pom.xml | 2 +-
 4 files changed, 87 insertions(+), 87 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 58fe8714..8ac04056 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -3,88 +3,88 @@ name: run tests on: [push] jobs: - test: - runs-on: ubuntu-latest - permissions: - contents: 'read' - id-token: 'write' + test: + runs-on: ubuntu-latest + permissions: + contents: "read" + id-token: "write" - steps: - - uses: actions/checkout@v4 - - name: Authenticate to Google Cloud - id: auth - uses: google-github-actions/auth@v1 - with: - token_format: access_token - workload_identity_provider: projects/949875736540/locations/global/workloadIdentityPools/external-pool/providers/github-provider - service_account: artifact-pusher@talon-artifacts.iam.gserviceaccount.com - - name: Login to GAR - uses: docker/login-action@v3 - with: - registry: europe-west3-docker.pkg.dev - username: oauth2accesstoken - password: ${{ steps.auth.outputs.access_token }} - - uses: hoverkraft-tech/compose-action@v2.0.2 - - name: Set up Java - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: '21' - cache: 'gradle' - - name: Install dependencies - run: | - sudo apt-get install jq curl - - name: Set Release version env variable - run: | - echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV - - name: Run example - run: | - echo "running example"; - sleep 5; - docker compose logs; - curl --location "http://localhost:9000/v1/users" - - ACCOUNT_RESPONSE=$(curl -s --location "http://localhost:9000/v1/accounts" \ - --header "Content-Type: application/json" \ - --data-raw '{ - "companyName": "demo", - "email": "integrationtest@talon.one", - "password": "Password1234!" 
- }'); - export TALON_USER_ID=$(echo $ACCOUNT_RESPONSE | jq ".userId"); - export TALON_USER_TOKEN=$(echo $ACCOUNT_RESPONSE | jq ".token" | tr -d '"'); - USER_RESPONSE=$(curl -s --location "http://localhost:9000/v1/users/$TALON_USER_ID" \ - --header "Authorization: Bearer $TALON_USER_TOKEN"); - export TALON_ACCOUNT_ID=$(echo $USER_RESPONSE | jq ".accountId"); - echo "User with ID $TALON_USER_ID and Token $TALON_USER_TOKEN was created for application $TALON_ACCOUNT_ID"; - APPLICATION_RESPONSE=$(curl -s --location "http://localhost:9000/v1/applications" \ - --header "Content-Type: application/json" \ - --header "Authorization: Bearer $TALON_USER_TOKEN" \ - --data-raw '{ - "name": "demo", - "currency": "EUR", - "timezone": "Europe/Berlin", - "enableFlattenedCartItems": false - }'); - export TALON_APPLICATION_ID=$(echo $USER_RESPONSE | jq ".id"); - echo "Application with ID $TALON_APPLICATION_ID was created" - API_KEY_RESPONSE=$(curl -s -v --location "http://localhost:9000/v1/applications/$TALON_APPLICATION_ID/apikeys" \ - --header "Content-Type: application/json" \ - --header "Authorization: Bearer $TALON_USER_TOKEN" \ - --data-raw '{ - "title": "Application HIT KEY", - "expires": "2099-01-01T0:00:00Z" - }'); - echo "Api-Key-Response: $API_KEY_RESPONSE"; - export TALON_API_KEY=$(echo $API_KEY_RESPONSE | jq ".key" | tr -d '"'); - echo "Api-Key $TALON_API_KEY created"; + steps: + - uses: actions/checkout@v4 + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v1 + with: + token_format: access_token + workload_identity_provider: projects/949875736540/locations/global/workloadIdentityPools/external-pool/providers/github-provider + service_account: artifact-pusher@talon-artifacts.iam.gserviceaccount.com + - name: Login to GAR + uses: docker/login-action@v3 + with: + registry: europe-west3-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + - uses: hoverkraft-tech/compose-action@v2.0.2 + - name: 
Set up Java + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: "21" + cache: "gradle" + - name: Install dependencies + run: | + sudo apt-get install jq curl + - name: Set Release version env variable + run: | + echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV + - name: Run example + run: | + echo "running example"; + sleep 5; + docker compose logs; + curl --location "http://localhost:9000/v1/users" - echo "maven install"; - mvn clean install; - export CLASSPATH=.:./src/main/java:./target/lib/gson-2.8.9.jar:./target/talon-one-client-${{ env.RELEASE_VERSION }}.jar:./target/lib/okio-1.17.2.jar:./target/lib/okhttp-3.14.7.jar:./target/lib/threetenbp-1.4.3.jar:./target/lib/gson-fire-1.8.4.jar; - - echo "java compile"; - javac -d . Example.java; + ACCOUNT_RESPONSE=$(curl -s --location "http://localhost:9000/v1/accounts" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "companyName": "demo", + "email": "integrationtest@talon.one", + "password": "Password1234!" 
+ }'); + export TALON_USER_ID=$(echo $ACCOUNT_RESPONSE | jq ".userId"); + export TALON_USER_TOKEN=$(echo $ACCOUNT_RESPONSE | jq ".token" | tr -d '"'); + USER_RESPONSE=$(curl -s --location "http://localhost:9000/v1/users/$TALON_USER_ID" \ + --header "Authorization: Bearer $TALON_USER_TOKEN"); + export TALON_ACCOUNT_ID=$(echo $USER_RESPONSE | jq ".accountId"); + echo "User with ID $TALON_USER_ID and Token $TALON_USER_TOKEN was created for application $TALON_ACCOUNT_ID"; + APPLICATION_RESPONSE=$(curl -s --location "http://localhost:9000/v1/applications" \ + --header "Content-Type: application/json" \ + --header "Authorization: Bearer $TALON_USER_TOKEN" \ + --data-raw '{ + "name": "demo", + "currency": "EUR", + "timezone": "Europe/Berlin", + "enableFlattenedCartItems": false + }'); + export TALON_APPLICATION_ID=$(echo $USER_RESPONSE | jq ".id"); + echo "Application with ID $TALON_APPLICATION_ID was created" + API_KEY_RESPONSE=$(curl -s -v --location "http://localhost:9000/v1/applications/$TALON_APPLICATION_ID/apikeys" \ + --header "Content-Type: application/json" \ + --header "Authorization: Bearer $TALON_USER_TOKEN" \ + --data-raw '{ + "title": "Application HIT KEY", + "expires": "2099-01-01T0:00:00Z" + }'); + echo "Api-Key-Response: $API_KEY_RESPONSE"; + export TALON_API_KEY=$(echo $API_KEY_RESPONSE | jq ".key" | tr -d '"'); + echo "Api-Key $TALON_API_KEY created"; - echo "java execute"; - java com.example.consumer.Example; + echo "maven install"; + mvn clean install; + export CLASSPATH=.:./target/classes:./target/talon-one-client-${{ env.RELEASE_VERSION }}.jar:./target/lib/*; + + echo "java compile"; + javac -d . Example.java; + + echo "java execute"; + java com.example.consumer.Example; diff --git a/build.gradle b/build.gradle index afd5f220..f4868d26 100644 --- a/build.gradle +++ b/build.gradle 
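Review bot: The re-indented job still references every action by a mutable tag (`actions/checkout@v4`, `google-github-actions/auth@v1`, `docker/login-action@v3`, `hoverkraft-tech/compose-action@v2.0.2`) while granting `id-token: "write"` and exchanging it for an access token of `artifact-pusher@talon-artifacts.iam.gserviceaccount.com`. Any step in the job can request that OIDC token, so a retagged action would run with whatever that service account is allowed to do; pin each action to a full commit SHA, e.g. `uses: hoverkraft-tech/compose-action@<full-commit-sha> # v2.0.2`. Judging only by its name, the account can push artifacts, which a test job that pulls images should not need; if that holds, a read-only account would be the narrower choice. Separately, the `Run example` script echoes `$TALON_USER_TOKEN` and `$TALON_API_KEY` and calls the api-key endpoint with `curl -s -v`, which writes the `Authorization` header to the job log; dropping `-v` and the token echoes keeps credentials out of CI output, even though these appear to belong to the local compose stack.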
@@ -100,8 +100,8 @@ if(hasProperty('target') && target == 'android') {
 dependencies {
 compile 'io.swagger:swagger-annotations:1.5.24'
 compile "com.google.code.findbugs:jsr305:3.0.2"
- compile 'com.squareup.okhttp3:okhttp:3.14.7'
- compile 'com.squareup.okhttp3:logging-interceptor:3.14.7'
+ compile 'com.squareup.okhttp3:okhttp:4.9.2'
+ compile 'com.squareup.okhttp3:logging-interceptor:4.9.2'
 compile 'com.google.code.gson:gson:2.8.6'
 compile 'io.gsonfire:gson-fire:1.8.4'
 compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.18.0'
diff --git a/build.sbt b/build.sbt
index 66be55cc..db42114c 100644
--- a/build.sbt
+++ b/build.sbt
@@ -10,8 +10,8 @@ lazy val root = (project in file(".")).
 resolvers += Resolver.mavenLocal,
 libraryDependencies ++= Seq(
 "io.swagger" % "swagger-annotations" % "1.5.24",
- "com.squareup.okhttp3" % "okhttp" % "3.14.7",
- "com.squareup.okhttp3" % "logging-interceptor" % "3.14.7",
+ "com.squareup.okhttp3" % "okhttp" % "4.9.2",
+ "com.squareup.okhttp3" % "logging-interceptor" % "4.9.2",
 "com.google.code.gson" % "gson" % "2.8.6",
 "org.apache.commons" % "commons-lang3" % "3.18.0",
 "org.threeten" % "threetenbp" % "1.4.3" % "compile",
diff --git a/pom.xml b/pom.xml
index 2e5e2851..0b99b563 100644
--- a/pom.xml
+++ b/pom.xml
@@ -285,7 +285,7 @@
 ${java.version}
 1.8.4
 1.5.24
- 3.14.7
+ 4.9.2
 2.8.9
 3.18.0
 1.4.3