From 9943ae1f0250b21ac0e78b02d456de55c5748b5b Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:01:21 +0100 Subject: [PATCH 01/19] Externalized dependency-check --- .github/workflows/dependency-check.yml | 59 ++++---------------------- 1 file changed, 8 insertions(+), 51 deletions(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 35e1ef8..ae18757 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml 
@@ -10,54 +10,11 @@ on: jobs: check-dependencies: - name: Check dependencies - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - show-progress: false - - name: Setup Java - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: 'temurin' - cache: 'maven' - - name: Cache NVD DB - uses: actions/cache@v3 - with: - path: ~/.m2/repository/org/owasp/dependency-check-data/ - key: dependency-check-${{ github.run_id }} - restore-keys: | - dependency-check - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 - - name: Run org.owasp:dependency-check plugin - id: dependency-check - continue-on-error: true - run: mvn -B validate -Pdependency-check - env: - NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - - name: Upload report on failure - if: steps.dependency-check.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - name: dependency-check-report - path: target/dependency-check-report.html - if-no-files-found: error - - name: Slack Notification on regular check - if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure' - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected." - SLACK_MESSAGE: "Download the for more details." - SLACK_FOOTER: false - MSG_MINIMAL: true - - name: Failing workflow on release branch - if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure' - shell: bash - run: exit 1 + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1 + with: + runner-os: 'ubuntu-latest' + java-distribution: 'temurin' + java-version: 17 + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} From 643ca0794df9859ca98f210b2d4d955a7a3d559a Mon Sep 17 00:00:00 2001 
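Review bot: The new `uses:` line references the reusable workflow by the mutable tag `@v1`, so the job that receives `secrets.NVD_API_KEY` and `secrets.SLACK_WEBHOOK_URL` runs whatever that tag points to at execution time. Pinning to a full commit SHA with the tag kept as a trailing comment, `uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@<full-commit-sha>  # v1`, keeps the supply-chain boundary explicit and lets Dependabot bump it deliberately; if skymatic/workflows is maintained by the same team this is lower risk, but still the documented practice. The removed steps also carried `continue-on-error: true`, an HTML report upload and a push-only failure gate, none of which is visible here any more, so a short comment naming the behaviour the called workflow is expected to preserve would help the next reader. The `on:` block of this workflow starts above the hunk.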
From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Fri, 2 Feb 2024 20:03:02 +0100 Subject: [PATCH 02/19] Updated JDK for dependency-check to 21 See: 1211fb9818d344aa3c2231becc93777c997e6ac2 --- .github/workflows/dependency-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index ae18757..61633c9 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -14,7 +14,7 @@ jobs: with: runner-os: 'ubuntu-latest' java-distribution: 'temurin' - java-version: 17 + java-version: 21 secrets: nvd-api-key: ${{ secrets.NVD_API_KEY }} slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} From 4a9bea68a9fb87c60eccca4f9c00dbd12bab7d1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 17:23:21 +0000 Subject: [PATCH 03/19] Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2 (#77) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b61c37..bbcfaee 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ 2.0.11 - 5.10.1 + 5.10.2 9.0.9 From 3daa50bcce3c0aa52c9124e3bd6bd0f6ada7c24b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 17:23:35 +0000 Subject: [PATCH 04/19] Bump the java-production-dependencies group with 3 updates (#76) --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index bbcfaee..a9cf196 100644 --- a/pom.xml +++ b/pom.xml @@ -19,10 +19,10 @@ UTF-8 - 1.3.0 + 1.3.1 1.2.5 10.0.20 - 2.0.11 + 2.0.12 5.10.2 From b1d06fcae0895ae735e7baf6f5491fa6dc0a5618 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Apr 2024 08:19:34 +0000 Subject: [PATCH 05/19] Bump the maven-build-plugins group with 3 updates (#78) --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index a9cf196..fdf59b2 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 5.10.2 - 9.0.9 + 9.1.0 0.8.11 1.6.13 3.1.1 @@ -113,7 +113,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.12.1 + 3.13.0 ${project.build.jdk} true @@ -219,7 +219,7 @@ maven-gpg-plugin - 3.1.0 + 3.2.2 sign-artifacts From af4822c6801ae89ecc0251b05299275a366e8d79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Apr 2024 08:20:03 +0000 Subject: [PATCH 06/19] Bump the github-actions group with 1 update (#79) --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0bfa731..98dc1ea 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,7 +29,7 @@ jobs: name: artifacts path: target/*.jar - name: Create Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 if: startsWith(github.ref, 'refs/tags/') with: prerelease: true From 0c0c0021b3147492bcb4a816b50a17313c545374 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 May 2024 14:17:17 +0000 Subject: [PATCH 07/19] Bump the maven-build-plugins group with 5 updates (#80) --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index fdf59b2..b306a38 100644 --- a/pom.xml +++ b/pom.xml @@ -29,9 +29,9 @@ 9.1.0 - 0.8.11 + 0.8.12 1.6.13 - 3.1.1 + 3.1.2 @@ -127,11 +127,11 @@ org.apache.maven.plugins maven-jar-plugin - 3.3.0 + 3.4.1 maven-source-plugin - 3.3.0 + 3.3.1 attach-sources 
@@ -219,7 +219,7 @@ maven-gpg-plugin - 3.2.2 + 3.2.4 sign-artifacts From 66903085f9e1f4cc21f918c3011be9a73abe26b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 12:58:02 +0000 Subject: [PATCH 08/19] Bump the maven-build-plugins group with 3 updates (#83) --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index b306a38..9ab4388 100644 --- a/pom.xml +++ b/pom.xml @@ -28,9 +28,9 @@ 5.10.2 - 9.1.0 + 9.2.0 0.8.12 - 1.6.13 + 1.7.0 3.1.2 @@ -143,7 +143,7 @@ maven-javadoc-plugin - 3.6.3 + 3.7.0 attach-javadocs From 9e25bde47ff119ba767a0a1e94e468661642e438 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 13:14:08 +0000 Subject: [PATCH 09/19] Bump the java-production-dependencies group across 1 directory with 4 updates (#82) --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9ab4388..cc69534 100644 --- a/pom.xml +++ b/pom.xml @@ -21,8 +21,8 @@ 1.3.1 1.2.5 - 10.0.20 - 2.0.12 + 10.0.21 + 2.0.13 5.10.2 From b1838f5ba36b34f615743f1b95398d26b8e0573f Mon Sep 17 00:00:00 2001 From: Julian Raufelder Date: Fri, 7 Jun 2024 14:05:32 +0000 Subject: [PATCH 10/19] Hardening the CI in relation to PRs --- .github/workflows/build.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 98dc1ea..d63d924 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,8 @@ name: Build on: - [push] + push: + pull_request_target: + types: [labeled] jobs: build: name: Build and Test @@ -34,4 +36,4 @@ jobs: with: prerelease: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} - generate_release_notes: true \ No newline at end of file + generate_release_notes: true From d2a92a1711b12469de6921c0b4dd6be14ce09962 Mon Sep 17 00:00:00 2001 
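Review bot: The added `pull_request_target:` trigger in build.yml runs the job in the base repository's context, with the repository's secrets available, for any pull request that receives any label; `types: [labeled]` does not say which label, so anyone with triage permission can start it for a fork's PR. If the checkout step (outside this hunk) checks out the PR head to build and test it, the fork's pom.xml and its plugins then execute with that access, so the job should additionally gate on one specific label, e.g. `if: github.event_name != 'pull_request_target' || github.event.label.name == '<trusted-label>'`, and declare a least-privilege `permissions:` block. The release step's `if: startsWith(github.ref, 'refs/tags/')` still holds under this trigger because `github.ref` is the base branch there, so `CRYPTOBOT_RELEASE_TOKEN` does not appear reachable from it. The second hunk in this file only restores the missing trailing newline.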
From: Armin Schrenk Date: Mon, 8 Jul 2024 10:02:32 +0200 Subject: [PATCH 11/19] Update org.owasp:dependency-check-maven from 9.2.0 to 10.0.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cc69534..0cffa32 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 5.10.2 - 9.2.0 + 10.0.2 0.8.12 1.7.0 3.1.2 From 43561f80133df9d036bb17599c76d73b94f69708 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 30 Oct 2024 17:41:38 +0100 Subject: [PATCH 12/19] define maven plugin versions as properties --- pom.xml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index 0cffa32..0d30aad 100644 --- a/pom.xml +++ b/pom.xml @@ -28,10 +28,16 @@ 5.10.2 + 3.13.0 + 3.2.5 + 3.4.1 + 3.3.1 + 3.7.0 + 3.1.2 + 3.2.4 10.0.2 0.8.12 1.7.0 - 3.1.2 @@ -113,7 +119,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + ${mvn-compiler.version} ${project.build.jdk} true @@ -122,16 +128,16 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.5 + ${mvn-surefire.version} org.apache.maven.plugins maven-jar-plugin - 3.4.1 + ${mvn-jar.version} maven-source-plugin - 3.3.1 + ${mvn-source.version} attach-sources @@ -143,7 +149,7 @@ maven-javadoc-plugin - 3.7.0 + ${mvn-javadoc.version} attach-javadocs @@ -219,7 +225,7 @@ maven-gpg-plugin - 3.2.4 + ${mvn-gpg.version} sign-artifacts @@ -280,7 +286,7 @@ org.apache.maven.plugins maven-deploy-plugin - ${maven.deploy.version} + ${mvn-deploy.version} From cd49271f6618e6f724a438d7b357b0429397b2ad Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 30 Oct 2024 17:44:19 +0100 Subject: [PATCH 13/19] do not leak NVD API key into logs --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0d30aad..b9eba4f 100644 --- a/pom.xml +++ b/pom.xml @@ -177,7 +177,7 @@ true true suppression.xml - ${env.NVD_API_KEY} + NVD_API_KEY From 08b7bf1e4f9b6f87205e03b2cee99623e719c114 Mon Sep 17 00:00:00 2001 
From: Armin Schrenk Date: Wed, 30 Oct 2024 17:45:30 +0100 Subject: [PATCH 14/19] use bc signer for maven sign plugin --- .github/workflows/publish-central.yml | 6 +++--- .github/workflows/publish-github.yml | 4 ++-- pom.xml | 5 +---- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml index 4325ed4..861e8b8 100644 --- a/.github/workflows/publish-central.yml +++ b/.github/workflows/publish-central.yml @@ -21,8 +21,6 @@ jobs: server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml server-username: MAVEN_USERNAME # env variable for username in deploy server-password: MAVEN_PASSWORD # env variable for token in deploy - gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - name: Enforce project version ${{ github.event.inputs.tag }} run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }} - name: Deploy @@ -35,4 +33,6 @@ jobs: --add-opens=java.desktop/java.awt.font=ALL-UNNAMED MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} \ No newline at end of file + MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} + MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} + MAVEN_GPG_KEY_FINGERPRINT: "58117AFA1F85B3EEC154677D615D449FE6E6A235" diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index be60dec..2afd5f4 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml 
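Review bot: The literal fingerprint `MAVEN_GPG_KEY_FINGERPRINT: "58117AFA1F85B3EEC154677D615D449FE6E6A235"` is now written out in both publish-central.yml and publish-github.yml, so a key rotation has to update the two workflows and `RELEASES_GPG_PRIVATE_KEY` in lockstep, and a forgotten copy only fails at the next release. Keeping it in one place, for example a repository variable referenced as `MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.<fingerprint-variable> }}`, or at least a comment on each line such as `# public fingerprint of the key in RELEASES_GPG_PRIVATE_KEY; rotate both together`, would make that coupling visible. Because the `bc` signer reads the private key from `MAVEN_GPG_KEY` instead of an imported gpg keyring, the key material is now an environment variable of the Maven process; the hunks appear to place it under the Deploy step's `env:`, which is the right scope, and it should not be hoisted to job level where every step would inherit it. The same change appears in the publish-github.yml hunk on the next line.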
@@ -13,8 +13,6 @@ jobs: java-version: 21 distribution: 'temurin' cache: 'maven' - gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - name: Enforce project version ${{ github.event.release.tag_name }} run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }} - name: Deploy @@ -22,6 +20,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} + MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} + MAVEN_GPG_KEY_FINGERPRINT: "58117AFA1F85B3EEC154677D615D449FE6E6A235" - name: Slack Notification uses: rtCamp/action-slack-notify@v2 env: diff --git a/pom.xml b/pom.xml index b9eba4f..72ef3d0 100644 --- a/pom.xml +++ b/pom.xml @@ -234,10 +234,7 @@ sign - - --pinentry-mode - loopback - + bc From 2adca5a1758112f109bfbe75517d7396ec6b0a86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:55:58 +0000 Subject: [PATCH 15/19] Bump the maven-build-plugins group across 1 directory with 6 updates (#92) --- pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 72ef3d0..3000d22 100644 --- a/pom.xml +++ b/pom.xml @@ -29,13 +29,13 @@ 3.13.0 - 3.2.5 - 3.4.1 + 3.5.1 + 3.4.2 3.3.1 - 3.7.0 - 3.1.2 - 3.2.4 - 10.0.2 + 3.10.1 + 3.1.3 + 3.2.7 + 11.1.0 0.8.12 1.7.0 From 69616bbef4a721038730b6ffba6477551a9216cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:56:07 +0000 Subject: [PATCH 16/19] Bump org.junit.jupiter:junit-jupiter from 5.10.2 to 5.11.0 (#89) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3000d22..71bfc09 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ 2.0.13 - 5.10.2 + 5.11.0 3.13.0 
From 3672817637afc2c0006cfc573faee4c31f17658f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 11:14:20 +0000 Subject: [PATCH 17/19] Bump the java-production-dependencies group across 1 directory with 7 updates (#94) --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 71bfc09..e210e89 100644 --- a/pom.xml +++ b/pom.xml @@ -19,10 +19,10 @@ UTF-8 - 1.3.1 - 1.2.5 - 10.0.21 - 2.0.13 + 1.4.0 + 1.2.6 + 10.0.24 + 2.0.16 5.11.0 @@ -88,7 +88,7 @@ org.jetbrains annotations - 24.1.0 + 26.0.1 provided From df7eb24af285d6f4d509f42d8272180b103f3ef5 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 31 Oct 2024 12:16:41 +0100 Subject: [PATCH 18/19] prepare 2.0.7 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e210e89..50c2cd2 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.cryptomator webdav-nio-adapter - 2.1.0-SNAPSHOT + 2.0.7 WebDAV-NIO Adapter Embedded Jetty serving a WebDAV servlet to access resources at a given NIO path. https://github.com/cryptomator/webdav-nio-adapter From c73b47510e5855505e96169519b8e848d2b2a2b0 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 31 Oct 2024 12:30:09 +0100 Subject: [PATCH 19/19] Update suppression.xml CVE-2024-6763 --- suppression.xml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/suppression.xml b/suppression.xml index cefe341..d6f6488 100644 --- a/suppression.xml +++ b/suppression.xml @@ -29,5 +29,13 @@ CVE-2020-8908 CVE-2020-8908 + + + ^pkg:maven/org\.eclipse\.jetty/jetty-http@.*$ + CVE-2024-6763 + - \ No newline at end of file +
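Review bot: The new suppression in suppression.xml matches `^pkg:maven/org\.eclipse\.jetty/jetty-http@.*$`, i.e. every jetty-http version, and carries no expiry, so CVE-2024-6763 stays silenced after the dependency is bumped to a version that fixes it and the decision is never revisited. dependency-check's suppression schema provides an `until` attribute and a `<notes>` element; writing it as `<suppress until="<review-date>">` with a note stating why the finding is considered not to apply to this project, and which version is expected to resolve it, makes the suppression auditable at the next scheduled run. The enclosing `<suppressions>` root element begins above the hunk; this hunk also restores the missing trailing newline.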