diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index 6cd128de271..ff61d58dbac 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -252,7 +252,7 @@ jobs: - name: Install Cosign if: matrix.os == 'windows-latest' - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Generate key pair if: matrix.os == 'windows-latest' diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 48e3514333d..6f66b051f85 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -54,7 +54,7 @@ jobs: - name: Install cosign if: github.ref == 'refs/heads/master' - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 with: cosign-release: "v2.4.1" diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index faedf892df8..e77016a2d6a 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -95,7 +95,7 @@ jobs: run: ls -R - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Generate key pair run: cosign generate-key-pair diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ca037b7c0de..e5baeb2784d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -74,6 +74,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5 + uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/testdriver.yml b/.github/workflows/testdriver.yml index 2bd47bee34e..cd2cedb2501 100644 --- a/.github/workflows/testdriver.yml +++ b/.github/workflows/testdriver.yml @@ -146,7 +146,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: cache: 'npm' cache-dependency-path: frontend/package-lock.json diff --git a/app/common/build.gradle b/app/common/build.gradle index 33a710e9649..4dcf57cc8cb 100644 --- a/app/common/build.gradle +++ b/app/common/build.gradle @@ -37,7 +37,7 @@ dependencies { api 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor api 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8' api "org.apache.pdfbox:pdfbox:$pdfboxVersion" - api 'com.github.junrar:junrar:7.5.5' // RAR archive support for CBR files + api 'com.github.junrar:junrar:7.5.7' // RAR archive support for CBR files api 'jakarta.servlet:jakarta.servlet-api:6.1.0' api 'org.snakeyaml:snakeyaml-engine:2.10' api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.13" diff --git a/build.gradle b/build.gradle index 729979f0781..2780271a042 100644 --- a/build.gradle +++ b/build.gradle @@ -10,7 +10,7 @@ plugins { id "com.github.jk1.dependency-license-report" version "2.9" //id "nebula.lint" version "19.0.3" id "org.panteleyev.jpackageplugin" version "1.7.5" - id "org.sonarqube" version "6.3.1.5724" + id "org.sonarqube" version "7.0.0.6105" } import com.github.jk1.license.render.* @@ -22,7 +22,7 @@ import java.time.Year ext { springBootVersion = "3.5.6" - pdfboxVersion = "3.0.5" + pdfboxVersion = "3.0.6" imageioVersion = "3.12.0" lombokVersion = "1.18.42" bouncycastleVersion = "1.82"