From 94725c5b92dba35be7fd3bd6162af2c25bcfeb89 Mon Sep 17 00:00:00 2001
From: Sambo Chea <7059827+sombochea@users.noreply.github.com>
Date: Sun, 13 Mar 2022 15:54:21 +0700
Subject: [PATCH 01/12] Create codacy.yml
---
.github/workflows/codacy.yml | 60 ++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 .github/workflows/codacy.yml
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
new file mode 100644
index 0000000..752ecc8
--- /dev/null
+++ b/.github/workflows/codacy.yml
@@ -0,0 +1,60 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '41 23 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ codacy-security-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of non-security issues
+ gh-code-scanning-compat: true
+ # Force 0 exit code to allow SARIF file generation
+ # This will handover control about PR rejection to the GitHub side
+ max-allowed-issues: 2147483647
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF results file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
From aaa6e4323acfc16c2e33fc0e4add86d44ef20b0c Mon Sep 17 00:00:00 2001
From: Sambo Chea <7059827+sombochea@users.noreply.github.com>
Date: Sat, 26 Mar 2022 08:55:09 +0700
Subject: [PATCH 02/12] Create dependabot.yml
---
.github/dependabot.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..13f8d2d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "gradle" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
From c8174f21ea5770a03f11a04f66e17c01264a8501 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 26 Mar 2022 01:55:29 +0000
Subject: [PATCH 03/12] Bump org.springframework.boot from 2.6.1 to 2.6.5
Bumps org.springframework.boot from 2.6.1 to 2.6.5.
---
updated-dependencies:
- dependency-name: org.springframework.boot
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
build.gradle.kts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 907644d..cf216c9 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
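Review bot: In .github/workflows/codacy.yml the `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` steps are referenced by mutable tags, while the Codacy action in the same job is pinned to a full commit SHA. A tag can be repointed by whoever controls the action's repository, and the upload step runs in a job that holds `security-events: write`, so both should be pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v2` (placeholder; take the SHA from the release you have reviewed). Separately, on pull requests opened from forks `secrets.CODACY_PROJECT_TOKEN` is not populated and the job token is read-only, so the scan presumably falls back to the tokenless mode the comment mentions and the SARIF upload is likely to fail; an `if:` guard on the upload step, or a comment stating this, would make that expected.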
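Review bot: The `updates` list in .github/dependabot.yml covers only `gradle`, so the actions used by the workflow added earlier in this series are never proposed for update. That matters most for an action pinned to a commit SHA, which otherwise stays frozen at that commit and misses upstream security fixes. Add a second entry for the `github-actions` ecosystem next to the existing one.

```yaml
updates:
  # … unchanged: gradle entry …
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```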
@@ -1,7 +1,7 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile plugins { - id("org.springframework.boot") version "2.6.1" apply false + id("org.springframework.boot") version "2.6.5" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false kotlin("jvm") version "1.6.0" apply false kotlin("plugin.spring") version "1.6.0" apply false From 98a5fa6aa234c52cc3027d85d473c32fa03168aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Mar 2022 01:55:38 +0000 Subject: [PATCH 04/12] Bump plugin.spring from 1.6.0 to 1.6.10 Bumps plugin.spring from 1.6.0 to 1.6.10. --- updated-dependencies: - dependency-name: plugin.spring dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 907644d..a0ef9fc 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -4,7 +4,7 @@ plugins { id("org.springframework.boot") version "2.6.1" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false kotlin("jvm") version "1.6.0" apply false - kotlin("plugin.spring") version "1.6.0" apply false + kotlin("plugin.spring") version "1.6.10" apply false // kotlin("plugin.jpa") version "1.6.0" apply false } From c03641f50d44dc4e6183d6ce7c4f978a1e650edd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Mar 2022 01:55:42 +0000 Subject: [PATCH 05/12] Bump jvm from 1.6.0 to 1.6.10 Bumps jvm from 1.6.0 to 1.6.10. --- updated-dependencies: - dependency-name: jvm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 907644d..1c74d9c 100644 
--- a/build.gradle.kts +++ b/build.gradle.kts @@ -3,7 +3,7 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile plugins { id("org.springframework.boot") version "2.6.1" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false - kotlin("jvm") version "1.6.0" apply false + kotlin("jvm") version "1.6.10" apply false kotlin("plugin.spring") version "1.6.0" apply false // kotlin("plugin.jpa") version "1.6.0" apply false } From 22790afd5f9a8b91629d76c9ecbaecbdd373a8fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Mar 2022 06:32:45 +0000 Subject: [PATCH 06/12] Bump springdoc-openapi-ui from 1.5.13 to 1.6.6 Bumps [springdoc-openapi-ui](https://github.com/springdoc/springdoc-openapi) from 1.5.13 to 1.6.6. - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/master/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v1.5.13...v1.6.6) --- updated-dependencies: - dependency-name: org.springdoc:springdoc-openapi-ui dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- api/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/build.gradle.kts b/api/build.gradle.kts index 63065e0..0031bf6 100644 --- a/api/build.gradle.kts +++ b/api/build.gradle.kts @@ -33,7 +33,7 @@ springBoot { dependencies { // Migrating from SpringFox - implementation("org.springdoc:springdoc-openapi-ui:1.5.13") + implementation("org.springdoc:springdoc-openapi-ui:1.6.6") // SPRING FRAMEWORK AND CORE implementation("org.springframework.boot:spring-boot-starter-web") From c0d9273e9a1618ab9207d2cbc829014f5a57e66e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Apr 2022 06:33:42 +0000 Subject: [PATCH 07/12] Bump org.springframework.boot from 2.6.5 to 2.6.6 Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 2.6.5 to 2.6.6. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.6.5...v2.6.6) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 71d4db6..8d81040 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,7 +1,7 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile plugins { - id("org.springframework.boot") version "2.6.5" apply false + id("org.springframework.boot") version "2.6.6" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false kotlin("jvm") version "1.6.10" apply false kotlin("plugin.spring") version "1.6.10" apply false From 7417be8c6f67f00e4653ebbe1498df41e107ba26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Apr 2022 06:28:29 +0000 Subject: [PATCH 08/12] Bump jvm from 1.6.10 to 1.6.20 Bumps jvm from 1.6.10 to 1.6.20. --- updated-dependencies: - dependency-name: jvm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 8d81040..91c9cdc 100644 --- a/build.gradle.kts +++ b/build.gradle.kts 
@@ -3,7 +3,7 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile plugins { id("org.springframework.boot") version "2.6.6" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false - kotlin("jvm") version "1.6.10" apply false + kotlin("jvm") version "1.6.20" apply false kotlin("plugin.spring") version "1.6.10" apply false // kotlin("plugin.jpa") version "1.6.10" apply false } From 0b429d2ea966ec28925982202f049505d6863df9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Apr 2022 06:28:32 +0000 Subject: [PATCH 09/12] Bump plugin.spring from 1.6.10 to 1.6.20 Bumps plugin.spring from 1.6.10 to 1.6.20. --- updated-dependencies: - dependency-name: plugin.spring dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 8d81040..18709ba 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -4,7 +4,7 @@ plugins { id("org.springframework.boot") version "2.6.6" apply false id("io.spring.dependency-management") version "1.0.11.RELEASE" apply false kotlin("jvm") version "1.6.10" apply false - kotlin("plugin.spring") version "1.6.10" apply false + kotlin("plugin.spring") version "1.6.20" apply false // kotlin("plugin.jpa") version "1.6.10" apply false } From 40e69d19a8b01279a0b1e21e4e35e7a75f58e145 Mon Sep 17 00:00:00 2001 From: Sambo Chea <7059827+sombochea@users.noreply.github.com> Date: Fri, 8 Apr 2022 12:25:35 +0700 Subject: [PATCH 10/12] Update gradle-wrapper.properties --- gradle/wrapper/gradle-wrapper.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 4d1a59e..72e3dee 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties 
@@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https://mirror.ctdn.net/gradle/gradle-7.3.1-bin.zip +distributionUrl=https://mirror.ctdn.net/gradle/gradle-7.4.1-bin.zip zipStoreBase=GRADLE_USER_HOME -zipStorePath=wrapper/dists \ No newline at end of file +zipStorePath=wrapper/dists From 49faa30bbf5046cedf16238ad8627fdc141d74ef Mon Sep 17 00:00:00 2001 From: Sambo Chea <7059827+sombochea@users.noreply.github.com> Date: Fri, 8 Apr 2022 12:25:54 +0700 Subject: [PATCH 11/12] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2fe194e..6678b8e 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,6 @@ - Sambo Chea ### Language and Framework -- Spring Boot: 2.5.7 -- Kotlin: 1.6.0 -- Gradle: 7.3.1 \ No newline at end of file +- Spring Boot: 2.6.6 +- Kotlin: 1.6.20 +- Gradle: 7.4.1 From 8ccbbfa41d50d64660e40b53bfdbfdb3f06facdf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Apr 2022 06:29:57 +0000 Subject: [PATCH 12/12] Bump springdoc-openapi-ui from 1.6.6 to 1.6.7 Bumps [springdoc-openapi-ui](https://github.com/springdoc/springdoc-openapi) from 1.6.6 to 1.6.7. - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/master/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v1.6.6...v1.6.7) --- updated-dependencies: - dependency-name: org.springdoc:springdoc-openapi-ui dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- api/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/build.gradle.kts b/api/build.gradle.kts index 0031bf6..b1e1d36 100644 --- a/api/build.gradle.kts +++ b/api/build.gradle.kts 
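Review bot: The new `distributionUrl` in gradle/wrapper/gradle-wrapper.properties still fetches the Gradle distribution from the third-party host `mirror.ctdn.net`, and the file carries no `distributionSha256Sum`, so the wrapper will unpack and run whatever zip that mirror serves without verifying it. Add the checksum Gradle publishes for this exact distribution, `distributionSha256Sum=<sha256 of gradle-7.4.1-bin.zip as published by Gradle>` (placeholder), so a tampered or corrupted download fails the build instead of executing. If the mirror is not required, pointing the URL at `https://services.gradle.org/distributions/gradle-7.4.1-bin.zip` removes the extra party from the trust chain; the checksum is worth keeping either way.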
@@ -33,7 +33,7 @@ springBoot { dependencies { // Migrating from SpringFox - implementation("org.springdoc:springdoc-openapi-ui:1.6.6") + implementation("org.springdoc:springdoc-openapi-ui:1.6.7") // SPRING FRAMEWORK AND CORE implementation("org.springframework.boot:spring-boot-starter-web")