Merge branch 'release/5.0.8'

.github/workflows/build.yaml

@@ -18,7 +18,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -41,20 +41,20 @@ jobs:
             repo.maven.apache.org:443
             services.gradle.org:443
             uploader.codecov.io:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           lfs: true
-      - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+      - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
         with:
           distribution: 'adopt'
           java-version: '17'
           cache: 'gradle'
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+      - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ github.run_id }}
       - uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
-      - uses: supercharge/redis-github-action@f63fe516254d0af5df91755a4488274c2e71e38c # v1.5.0
+      - uses: supercharge/redis-github-action@6dc7a5eeaf9a8f860b6464e05195a15f8b9f3bbb # v1.7.0
       - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1.1.0
       - run: ./gradlew --no-daemon check publishToMavenLocal
       - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
@@ -79,13 +79,13 @@ jobs:
       fail-fast: false
       matrix:
         springBootVersion:
-          - 3.0.9
-          - 3.1.2
-          - 3.2.0-M1
+          - 3.0.12
+          - 3.1.5
+          - 3.2.0-RC2
     runs-on: ubuntu-latest
     needs: build
     steps:
-      - uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -106,25 +106,25 @@ jobs:
             repo.maven.apache.org:443
             repo.spring.io:443
             services.gradle.org:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           repository: 'bratkartoffel/security-jwt-examples'
           ref: 'master'
           fetch-depth: 1
           lfs: true
-      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+      - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ github.run_id }}
           restore-keys: |
             ${{ runner.os }}-maven-${{ github.run_id }}
-      - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+      - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
         with:
           distribution: 'adopt'
           java-version: '17'
           cache: 'gradle'
       - uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
-      - uses: supercharge/redis-github-action@f63fe516254d0af5df91755a4488274c2e71e38c # v1.5.0
+      - uses: supercharge/redis-github-action@6dc7a5eeaf9a8f860b6464e05195a15f8b9f3bbb # v1.7.0
       - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1.1.0
       - run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} check
       - run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} starter-hibernate:dependencies | egrep '(:spring|:security-jwt)' | grep -v -- '->' | sed -e 's/^[+-\\| ]\+//' -e 's/ ([n\*])$//' | sort | uniq

CHANGELOG.md

@@ -3,19 +3,40 @@
 ### [unreleased]
 - no changes yet
 
-## [5.0.7] (2023-07-24
-* Add workaround for [spring-projects/spring-security#13572]
+### [5.0.8] (2023-11-03)
+* (base) upgrade nimbus-jose-jwt to 9.37
+* (base) upgrade swagger annotations to 2.2.18
+* (base) upgrade bouncycastle to 1.76
+* (base) upgrade jackson to 2.15.3
+* (internal) upgrade expiringmap to 0.5.11
+* (redis) upgrade jedis to 5.0.2
+
+### [4.6.9] (2023-11-02)
+* (base) upgrade nimbus-jose-jwt to 9.37
+* (base) upgrade commons-codec to 1.16.0
+* (base) upgrade bouncycastle to 1.76
+* (internal) upgrade expiringmap to 0.5.11
+* (redis) upgrade jedis to 4.4.6
+
+### [5.0.7] (2023-07-24)
+* (base) Add workaround for [spring-projects/spring-security#13572]
 
 ### [5.0.6] (2023-07-17)
 * (all) fix invalid generated pom files with self-referential dependencies
+* (base) upgrade jackson to 2.15.2
+* (redis) upgrade jedis to 4.4.2
+* (base) upgrade totp to 1.1.0
+* (base) upgrade swagger annotations to 2.2.15
+* (base) upgrade bouncycastle to 1.75
+* (base) upgrade commons-codec to 1.16.0
 
 ### [4.6.8] (2023-07-17)
 * (all) fix invalid generated pom files with self-referential dependencies
 
 ### [5.0.5] (2023-05-19)
 * (base) upgrade openapi dependency to 2.2.10
 * (base) upgrade jackson to 2.15.1
-* (all) upgrade bouncycastle to 1.73, change to jdk18on variant
+* (base) upgrade bouncycastle to 1.73, change to jdk18on variant
 * (redis) upgrade jedis to 4.4.1
 
 ### [4.6.7] (2023-05-19)
@@ -216,7 +237,9 @@
 * Initial release to github and maven central
 
 
-[unreleased]: https://github.com/bratkartoffel/security-jwt/compare/5.0.7...develop
+[unreleased]: https://github.com/bratkartoffel/security-jwt/compare/5.0.8...develop
+[5.0.8]: https://github.com/bratkartoffel/security-jwt/compare/5.0.7...5.0.8
+[4.6.9]: https://github.com/bratkartoffel/security-jwt/compare/4.6.8...4.6.9
 [5.0.7]: https://github.com/bratkartoffel/security-jwt/compare/5.0.6...5.0.7
 [5.0.6]: https://github.com/bratkartoffel/security-jwt/compare/5.0.5...5.0.6
 [4.6.8]: https://github.com/bratkartoffel/security-jwt/compare/4.6.7...4.6.8
@@ -256,4 +279,4 @@
 [0.6.0]: https://github.com/bratkartoffel/security-jwt/compare/0.5.2...0.6.0
 [0.5.2]: https://github.com/bratkartoffel/security-jwt/tree/0.5.2
 
-[spring-projects/spring-security#13572]: https://github.com/spring-projects/spring-security/issues/13572
+[spring-projects/spring-security#13572]: https://github.com/spring-projects/spring-security/issues/13572

README.md

@@ -49,13 +49,13 @@ should be sufficient for the most use cases.
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-base</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
     <!-- or -->
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-base-spring-boot-starter</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
 </dependencies>
 ```
@@ -68,27 +68,27 @@ When you want to add refresh token support, then choose one of the following dep
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-internal</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-memcache</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-hibernate</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-redis</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-files</artifactId>
-        <version>5.0.7</version>
+        <version>5.0.8</version>
     </dependency>
 </dependencies>
 ```

base-spring-boot-starter/build.gradle

@@ -1,5 +1,5 @@
 dependencies {
     api project(':base')
-    implementation group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.75"
+    implementation group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.76"
     testImplementation testFixtures(project(':base'))
 }

base/build.gradle

@@ -1,14 +1,14 @@
 dependencies {
     api group: "org.springframework.boot", name: "spring-boot-starter-web", version: "3.0.0"
     api group: "org.springframework.boot", name: "spring-boot-starter-security", version: "3.0.0"
-    api group: "com.fasterxml.jackson.datatype", name: "jackson-datatype-jdk8", version: "2.15.2"
-    api group: "com.nimbusds", name: "nimbus-jose-jwt", version: "9.31"
+    api group: "com.fasterxml.jackson.datatype", name: "jackson-datatype-jdk8", version: "2.15.3"
+    api group: "com.nimbusds", name: "nimbus-jose-jwt", version: "9.37"
     api group: "commons-codec", name: "commons-codec", version: "1.16.0"
-    api(group: "io.swagger.core.v3", name: "swagger-annotations-jakarta", version: "2.2.15")
+    api(group: "io.swagger.core.v3", name: "swagger-annotations-jakarta", version: "2.2.18")
     api(group: "eu.fraho.libs", name: "libtotp", version: "1.1.0")
 
-    implementation group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.75"
-    testFixturesApi group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.75"
-    testImplementation group: "org.mockito", name: "mockito-core", version: "5.4.0"
-    testFixturesApi group: "org.mockito", name: "mockito-core", version: "5.4.0"
+    implementation group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.76"
+    testFixturesApi group: "org.bouncycastle", name: "bcprov-jdk18on", version: "1.76"
+    testImplementation group: "org.mockito", name: "mockito-core", version: "5.6.0"
+    testFixturesApi group: "org.mockito", name: "mockito-core", version: "5.6.0"
 }

build.gradle

@@ -1,8 +1,8 @@
 plugins {
-    id 'io.freefair.lombok' version "8.1.0" apply false
-    id 'com.adarshr.test-logger' version "3.2.0" apply false
-    id 'com.github.ben-manes.versions' version "0.47.0"
-    id 'org.springframework.boot' version "3.1.2" apply false
+    id 'io.freefair.lombok' version "8.4" apply false
+    id 'com.adarshr.test-logger' version "4.0.0" apply false
+    id 'com.github.ben-manes.versions' version "0.49.0"
+    id 'org.springframework.boot' version "3.1.5" apply false
 }
 
 subprojects {
@@ -48,11 +48,11 @@ subprojects {
     }
 
     dependencies {
-        annotationProcessor group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: "3.1.2"
+        annotationProcessor group: "org.springframework.boot", name: "spring-boot-configuration-processor", version: "3.1.5"
 
         testFixturesApi group: "org.springframework.boot", name: "spring-boot-starter-test", version: "3.0.0"
         testFixturesApi group: "org.springframework.boot", name: "spring-boot-starter-web", version: "3.0.0"
-        testFixturesApi group: "com.fasterxml.jackson.datatype", name: "jackson-datatype-jsr310", version: "2.15.2"
+        testFixturesApi group: "com.fasterxml.jackson.datatype", name: "jackson-datatype-jsr310", version: "2.15.3"
         testFixturesApi group: 'org.junit.jupiter', name: 'junit-jupiter', version: "5.10.0"
     }
 
@@ -63,7 +63,7 @@ subprojects {
 
     // code coverage
     apply plugin: 'jacoco'
-    jacoco.toolVersion = "0.8.10"
+    jacoco.toolVersion = "0.8.11"
     jacocoTestReport.reports {
         xml.required = true
         html.required = true

cicd/release.sh

@@ -16,7 +16,7 @@ git commit -m "Version updated from $current_version to version $release_version
 
 # update the changelog
 sed -i \
-  -e "/## \[unreleased/a - no changes yet\n\n## [$release_version] ($(date +%Y-%m-%d)" \
+  -e "/### \[unreleased/a - no changes yet\n\n### [$release_version] ($(date +%Y-%m-%d))" \
   -e "/^\[unreleased\]:/a [$release_version]: https://github.com/bratkartoffel/security-jwt/compare/${previous_version}...${release_version}" \
   -e "s|^\[unreleased\]:.\+develop$|[unreleased]: https://github.com/bratkartoffel/security-jwt/compare/${release_version}...develop|" \
   CHANGELOG.md

files/README.md

@@ -7,7 +7,7 @@ This module adds support for storing refresh tokens within an simple json docume
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-files</artifactId>
-    <version>5.0.7</version>
+    <version>5.0.8</version>
 </dependency>
 ```
 

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -144,15 +145,15 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -201,11 +202,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

hibernate/README.md

@@ -13,7 +13,7 @@ for rows you have to regularly cleanup the token table, e.g. by using a cronjob.
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-hibernate</artifactId>
-    <version>5.0.7</version>
+    <version>5.0.8</version>
 </dependency>
 ```
 

hibernate/build.gradle

@@ -3,5 +3,5 @@ dependencies {
     api group: "org.springframework.boot", name: "spring-boot-starter-data-jpa", version: "3.0.0"
 
     testImplementation testFixtures(project(':base'))
-    testImplementation group: "com.h2database", name: "h2", version: "2.2.220"
+    testImplementation group: "com.h2database", name: "h2", version: "2.2.224"
 }

internal/README.md

@@ -7,7 +7,7 @@ This module adds support for storing refresh tokens within an in-memory storage.
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-internal</artifactId>
-    <version>5.0.7</version>
+    <version>5.0.8</version>
 </dependency>
 ```
 

internal/build.gradle

@@ -1,6 +1,6 @@
 dependencies {
     api project(':base')
-    api group: "net.jodah", name: "expiringmap", version: "0.5.10"
+    api group: "net.jodah", name: "expiringmap", version: "0.5.11"
 
     testImplementation testFixtures(project(':base'))
 }

memcache/README.md

@@ -9,7 +9,7 @@ Please note that the memcache-plugin needs an external memcached server.
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-memcache</artifactId>
-    <version>5.0.7</version>
+    <version>5.0.8</version>
 </dependency>
 ```
 

redis/README.md

@@ -9,7 +9,7 @@ Please note that the redis-plugin needs an external redisd server.
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-redis</artifactId>
-    <version>5.0.7</version>
+    <version>5.0.8</version>
 </dependency>
 ```
 

redis/build.gradle

@@ -1,6 +1,6 @@
 dependencies {
     api project(':base')
-    api group: "redis.clients", name: "jedis", version: "4.4.3"
+    api group: "redis.clients", name: "jedis", version: "5.0.2"
 
     testImplementation testFixtures(project(':base'))
 }

version.txt

@@ -1 +1 @@
-5.0.7
+5.0.8