diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index da3e863a..3b737cab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,24 +14,24 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup Java8
if: ${{ matrix.project == 'slipway-jetty9' }}
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '8'
- name: Setup Java11
if: ${{ matrix.project != 'slipway-jetty9' }}
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Install clojure tools
- uses: DeLaGuardo/setup-clojure@10.3
+ uses: DeLaGuardo/setup-clojure@12.3
with:
lein: 'latest'
github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -62,8 +62,8 @@ jobs:
- name: Persist NVD
if: always()
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
- name: NVD result
+ name: nvd-${{ matrix.project }}-${{ github.sha }}
path: ./${{ matrix.project }}/dependency-check/report/*
retention-days: 1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2691924c..d2519f0e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
# Change Log
All notable changes to this project will be documented in this file. This change log follows the conventions of [keepachangelog.com](http://keepachangelog.com/)
+## [1.1.12] - 2024-02-05
+
+Bump to latest Jetty version (11.0.20 or equivalent)
+
## [1.1.11] - 2024-01-08
Bump to latest Jetty version (11.0.19 or equivalent)
diff --git a/README.md b/README.md
index 99aeb8ce..3de5a63d 100644
--- a/README.md
+++ b/README.md
@@ -7,8 +7,8 @@
| Jetty Version | Current Jetty Dependency | Clojars Project |
| ------------- | ------------------------ | --------------- |
| Jetty 9 | 9.4.53.v20231009 | [](https://clojars.org/io.factorhouse/slipway-jetty9) |
-| Jetty 10 | 10.0.19 | [](https://clojars.org/io.factorhouse/slipway-jetty10) |
-| Jetty 11 | 11.0.19 | [](https://clojars.org/io.factorhouse/slipway-jetty11) |
+| Jetty 10 | 10.0.20 | [](https://clojars.org/io.factorhouse/slipway-jetty10) |
+| Jetty 11 | 11.0.20 | [](https://clojars.org/io.factorhouse/slipway-jetty11) |
| Jetty 12 | - | Available once Jetty 12 stabilises. |
----
diff --git a/scripts/dependency-checker.sh b/scripts/dependency-checker.sh
index aace62c8..93e1d043 100755
--- a/scripts/dependency-checker.sh
+++ b/scripts/dependency-checker.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
-VERSION="8.4.0"
+VERSION="9.0.9"
if [ ! -d "dependency-check" ]
then
diff --git a/slipway-jetty10/dependency-check-suppressions.xml b/slipway-jetty10/dependency-check-suppressions.xml
index a0e2af1c..d6451854 100644
--- a/slipway-jetty10/dependency-check-suppressions.xml
+++ b/slipway-jetty10/dependency-check-suppressions.xml
@@ -7,4 +7,14 @@
^pkg:maven/commons\-fileupload/commons\-fileupload@.*$
CVE-2023-24998
+
+ Clojure false positive
+ ^pkg:maven/org\.clojure/.*$
+ CVE-2017-20189
+
+
+ Clojure false positive
+ ^pkg:maven/ring/ring\-codec@.*$
+ CVE-2017-20189
+
diff --git a/slipway-jetty10/project.clj b/slipway-jetty10/project.clj
index b3d35f78..7c657551 100644
--- a/slipway-jetty10/project.clj
+++ b/slipway-jetty10/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty10 "1.1.11"
+(defproject io.factorhouse/slipway-jetty10 "1.1.12"
:description "A Clojure Companion for Jetty"
@@ -25,12 +25,12 @@
[org.clojure/tools.logging "1.2.4"]
[ring/ring-servlet "1.9.6"]
[com.taoensso/sente "1.17.0"]
- [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.19"]
- [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty.websocket/websocket-servlet "10.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty/jetty-server "10.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty/jetty-jaas "10.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.slf4j/slf4j-api "2.0.10"]]
+ [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.20"]
+ [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty.websocket/websocket-servlet "10.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty/jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty/jetty-jaas "10.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.slf4j/slf4j-api "2.0.11"]]
:source-paths ["common/src" "common-jetty1x/src" "common-javax/src"]
:test-paths ["test" "common/test"])
diff --git a/slipway-jetty11/dependency-check-suppressions.xml b/slipway-jetty11/dependency-check-suppressions.xml
index a0d9218c..4759505e 100644
--- a/slipway-jetty11/dependency-check-suppressions.xml
+++ b/slipway-jetty11/dependency-check-suppressions.xml
@@ -7,4 +7,14 @@
^pkg:maven/commons\-fileupload/commons\-fileupload@.*$
CVE-2023-24998
+
+ Clojure false positive
+ ^pkg:maven/org\.clojure/.*$
+ CVE-2017-20189
+
+
+ Clojure false positive
+ ^pkg:maven/ring/ring\-codec@.*$
+ CVE-2017-20189
+
diff --git a/slipway-jetty11/project.clj b/slipway-jetty11/project.clj
index 552cec23..4b3c0cdc 100644
--- a/slipway-jetty11/project.clj
+++ b/slipway-jetty11/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty11 "1.1.11"
+(defproject io.factorhouse/slipway-jetty11 "1.1.12"
:description "A Clojure Companion for Jetty"
@@ -25,12 +25,12 @@
[org.clojure/tools.logging "1.2.4"]
[ring/ring-servlet "1.9.6"]
[com.taoensso/sente "1.17.0"]
- [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.19"]
- [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty.websocket/websocket-servlet "11.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty/jetty-server "11.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.eclipse.jetty/jetty-jaas "11.0.19" :exclusions [org.slf4j/slf4j-api]]
- [org.slf4j/slf4j-api "2.0.10"]]
+ [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.20"]
+ [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty.websocket/websocket-servlet "11.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty/jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.eclipse.jetty/jetty-jaas "11.0.20" :exclusions [org.slf4j/slf4j-api]]
+ [org.slf4j/slf4j-api "2.0.11"]]
:source-paths ["common/src" "common-jetty1x/src" "common-jakarta/src"]
:test-paths ["test" "common/test"])
diff --git a/slipway-jetty9/dependency-check-suppressions.xml b/slipway-jetty9/dependency-check-suppressions.xml
index b955669d..4d64ab46 100644
--- a/slipway-jetty9/dependency-check-suppressions.xml
+++ b/slipway-jetty9/dependency-check-suppressions.xml
@@ -7,4 +7,14 @@
^pkg:maven/commons\-fileupload/commons\-fileupload@.*$
CVE-2023-24998
+
+ Clojure false positive
+ ^pkg:maven/org\.clojure/.*$
+ CVE-2017-20189
+
+
+ Clojure false positive
+ ^pkg:maven/ring/ring\-codec@.*$
+ CVE-2017-20189
+
diff --git a/slipway-jetty9/project.clj b/slipway-jetty9/project.clj
index 23a62e88..2cd6aa50 100644
--- a/slipway-jetty9/project.clj
+++ b/slipway-jetty9/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty9 "1.1.11"
+(defproject io.factorhouse/slipway-jetty9 "1.1.12"
:description "A Clojure Companion for Jetty"
@@ -29,7 +29,7 @@
[org.eclipse.jetty.websocket/websocket-server "9.4.53.v20231009"]
[org.eclipse.jetty.websocket/websocket-servlet "9.4.53.v20231009"]
[org.eclipse.jetty/jetty-jaas "9.4.53.v20231009"]
- [org.slf4j/slf4j-api "2.0.10"]]
+ [org.slf4j/slf4j-api "2.0.11"]]
:source-paths ["src" "common/src" "common-javax/src"]
:test-paths ["test" "common/test"]