Update dependency org.owasp:dependency-check-maven to v12.1.9

Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.5.7' (!12 ) from renovate/org.springframework.boot-spring-boot-starter-data-jpa-3.x into main
Reviewed-on: #12
2025-11-11 13:02:55 +00:00 · 2025-11-06 19:06:11 +01:00 · 2025-11-06 19:06:03 +01:00 · 2025-11-06 19:05:56 +01:00 · 2025-11-06 19:05:49 +01:00 · 2025-11-06 19:04:39 +01:00
2 changed files with 22 additions and 23 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -13,58 +13,58 @@
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
-            <version>2.23.1</version>
+            <version>2.25.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-core</artifactId>
-            <version>2.23.1</version>
+            <version>2.25.2</version>
        </dependency>

        <!-- Web Dependencies -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <version>3.4.3</version>
+            <version>3.5.7</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-json</artifactId>
-            <version>3.4.3</version>
+            <version>3.5.7</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
-            <version>3.4.4</version>
+            <version>3.5.7</version>
        </dependency>

        <!-- Security and Auth -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
-            <version>3.4.3</version>
+            <version>3.5.7</version>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-api</artifactId>
-            <version>0.11.5</version>
+            <version>0.13.0</version>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-impl</artifactId>
-            <version>0.11.5</version>
+            <version>0.13.0</version>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-jackson</artifactId>
-            <version>0.11.5</version>
+            <version>0.13.0</version>
        </dependency>

        <!-- Database Dependencies -->
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
-            <version>42.7.5</version>
+            <version>42.7.8</version>
        </dependency>
    </dependencies>

@@ -73,7 +73,7 @@
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
-                <version>12.1.0</version>
+                <version>12.1.9</version>
                <configuration>
                    <failBuildOnCVSS>8</failBuildOnCVSS>
                    <nvdApiKey>${nvdApiKey}</nvdApiKey>
--- a/src/main/java/wtf/beatrice/releasehive/services/JWTService.java
+++ b/src/main/java/wtf/beatrice/releasehive/services/JWTService.java
@@ -2,14 +2,13 @@ package wtf.beatrice.releasehive.services;

 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import wtf.beatrice.releasehive.models.User;

-import java.security.Key;
+import javax.crypto.SecretKey;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -52,11 +51,11 @@ public class JWTService
    ) {
        return Jwts
                .builder()
-                .setClaims(extraClaims)
-                .setSubject(userDetails.getEmail())
-                .setIssuedAt(new Date(System.currentTimeMillis()))
-                .setExpiration(new Date(System.currentTimeMillis() + expiration))
-                .signWith(getSignInKey(), SignatureAlgorithm.HS256)
+                .claims(extraClaims)
+                .subject(userDetails.getEmail())
+                .issuedAt(new Date(System.currentTimeMillis()))
+                .expiration(new Date(System.currentTimeMillis() + expiration))
+                .signWith(getSignInKey(), Jwts.SIG.HS256)
                .compact();
    }

@@ -75,14 +74,14 @@ public class JWTService

    private Claims extractAllClaims(String token) {
        return Jwts
-                .parserBuilder()
-                .setSigningKey(getSignInKey())
+                .parser()
+                .verifyWith(getSignInKey())
                .build()
-                .parseClaimsJws(token)
-                .getBody();
+                .parseSignedClaims(token)
+                .getPayload();
    }

-    private Key getSignInKey() {
+    private SecretKey getSignInKey() {
        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
        return Keys.hmacShaKeyFor(keyBytes);
    }
Author	SHA1	Message	Date
Renovate Bot	dcd656606f	Update dependency org.owasp:dependency-check-maven to v12.1.9 Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is failing Details	2025-11-11 13:02:55 +00:00
Beatrice Dellacà	2831f03ac1	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.5.7' (!12 ) from renovate/org.springframework.boot-spring-boot-starter-data-jpa-3.x into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #12	2025-11-06 19:06:11 +01:00
Beatrice Dellacà	e5ffea3196	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-json to v3.5.7' (!13 ) from renovate/org.springframework.boot-spring-boot-starter-json-3.x into main Some checks failed continuous-integration/drone/push Build was killed Details Reviewed-on: #13	2025-11-06 19:06:03 +01:00
Beatrice Dellacà	d0776d7f0b	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.7' (!14 ) from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main Some checks failed continuous-integration/drone/push Build was killed Details Reviewed-on: #14	2025-11-06 19:05:56 +01:00
Beatrice Dellacà	2acafb87eb	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-web to v3.5.7' (!15 ) from renovate/org.springframework.boot-spring-boot-starter-web-3.x into main Some checks failed continuous-integration/drone/push Build was killed Details Reviewed-on: #15	2025-11-06 19:05:49 +01:00
Beatrice Dellacà	f733b03213	Merge pull request 'Update dependency org.apache.logging.log4j:log4j-api to v2.25.2' (!19 ) from renovate/org.apache.logging.log4j-log4j-api-2.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #19	2025-11-06 19:04:39 +01:00
Beatrice Dellacà	2c3246660e	Merge pull request 'Update dependency org.owasp:dependency-check-maven to v12.1.8' (!17 ) from renovate/org.owasp-dependency-check-maven-12.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #17	2025-11-06 19:04:30 +01:00
Beatrice Dellacà	d98991c0a0	Merge pull request 'Update dependency org.apache.logging.log4j:log4j-core to v2.25.2' (!20 ) from renovate/org.apache.logging.log4j-log4j-core-2.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #20	2025-11-06 19:04:22 +01:00
Beatrice Dellacà	d0f0e72eb2	Merge pull request 'Update dependency io.jsonwebtoken:jjwt-api to v0.13.0' (!21 ) from renovate/io.jsonwebtoken-jjwt-api-0.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #21	2025-11-06 19:04:10 +01:00
Beatrice Dellacà	ad675f06f0	Merge pull request 'Update dependency io.jsonwebtoken:jjwt-impl to v0.13.0' (!22 ) from renovate/io.jsonwebtoken-jjwt-impl-0.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #22	2025-11-06 19:04:00 +01:00
Beatrice Dellacà	90334d15f8	Merge pull request 'Update dependency io.jsonwebtoken:jjwt-jackson to v0.13.0' (!23 ) from renovate/io.jsonwebtoken-jjwt-jackson-0.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #23	2025-11-06 19:03:52 +01:00
Renovate Bot	02be0a405e	Update dependency io.jsonwebtoken:jjwt-jackson to v0.13.0 Some checks failed continuous-integration/drone/pr Build was killed Details continuous-integration/drone/push Build is failing Details	2025-11-06 18:02:14 +00:00
Beatrice Dellacà	574dd4c093	Merge pull request 'Update dependency org.postgresql:postgresql to v42.7.8' (!18 ) from renovate/org.postgresql-postgresql-42.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #18	2025-11-06 18:56:16 +01:00
Renovate Bot	e69462be26	Update dependency org.springframework.boot:spring-boot-starter-web to v3.5.7	2025-11-06 13:45:20 +00:00
Renovate Bot	2024c356b0	Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.7	2025-11-06 13:45:18 +00:00
Renovate Bot	66233827fd	Update dependency org.springframework.boot:spring-boot-starter-json to v3.5.7	2025-11-06 13:45:16 +00:00
Renovate Bot	02bd377430	Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.5.7	2025-11-06 13:45:14 +00:00
Renovate Bot	a2e69c6a57	Update dependency org.apache.logging.log4j:log4j-core to v2.25.2	2025-11-06 13:45:12 +00:00
Renovate Bot	bbbf34da6e	Update dependency org.apache.logging.log4j:log4j-api to v2.25.2	2025-11-06 13:45:10 +00:00
Renovate Bot	e05e523c12	Update dependency io.jsonwebtoken:jjwt-impl to v0.13.0	2025-11-06 13:45:09 +00:00
Renovate Bot	8d6bb14fc1	Update dependency io.jsonwebtoken:jjwt-api to v0.13.0	2025-11-06 13:45:07 +00:00
Renovate Bot	91415bea5b	Update dependency org.postgresql:postgresql to v42.7.8	2025-11-06 13:45:05 +00:00
Renovate Bot	18ca42a056	Update dependency org.owasp:dependency-check-maven to v12.1.8	2025-11-06 13:45:03 +00:00
Beatrice Dellacà	8029f2d931	Merge pull request 'Update dependency org.postgresql:postgresql to v42.7.6' (!16 ) from renovate/org.postgresql-postgresql-42.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #16	2025-06-01 20:27:05 +02:00
Renovate Bot	d6ffe35d6e	Update dependency org.postgresql:postgresql to v42.7.6 Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2025-05-28 11:00:57 +00:00
Beatrice Dellacà	8b5ba88d24	Merge pull request 'Update dependency org.owasp:dependency-check-maven to v12.1.1' (!11 ) from renovate/org.owasp-dependency-check-maven-12.x into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #11	2025-04-13 00:55:35 +02:00
Renovate Bot	86742f1f1a	Update dependency org.owasp:dependency-check-maven to v12.1.1 Some checks failed continuous-integration/drone/pr Build is failing Details continuous-integration/drone/push Build is passing Details	2025-04-05 13:01:12 +00:00
Beatrice Dellacà	8acc7460a0	Merge pull request 'Update dependency org.apache.logging.log4j:log4j-api to v2.24.3' (!9 ) from renovate/org.apache.logging.log4j-log4j-api-2.x into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #9	2025-03-23 15:29:10 +01:00
Beatrice Dellacà	656a337501	Merge pull request 'Update dependency org.apache.logging.log4j:log4j-core to v2.24.3' (!10 ) from renovate/org.apache.logging.log4j-log4j-core-2.x into main Some checks failed continuous-integration/drone/push Build was killed Details Reviewed-on: #10	2025-03-23 15:28:56 +01:00
Renovate Bot	8eaae7c659	Update dependency org.apache.logging.log4j:log4j-core to v2.24.3 Some checks failed continuous-integration/drone/push Build was killed Details continuous-integration/drone/pr Build was killed Details	2025-03-23 14:26:51 +00:00
Renovate Bot	6c077bce27	Update dependency org.apache.logging.log4j:log4j-api to v2.24.3 Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build was killed Details	2025-03-23 14:26:48 +00:00
Beatrice Dellacà	7a0ee4b438	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-json to v3.4.4' (!5 ) from renovate/org.springframework.boot-spring-boot-starter-json-3.x into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #5	2025-03-23 15:17:21 +01:00
Beatrice Dellacà	03ea142db2	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-security to v3.4.4' (!6 ) from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #6	2025-03-23 15:17:12 +01:00
Beatrice Dellacà	d285783fe7	fix build with new jsonwebtoken api Some checks failed continuous-integration/drone/push Build was killed Details	2025-03-23 15:16:19 +01:00
Beatrice Dellacà	eced10976b	Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-web to v3.4.4' (!7 ) from renovate/org.springframework.boot-spring-boot-starter-web-3.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #7	2025-03-23 14:56:32 +01:00
Beatrice Dellacà	eadeb8c518	Merge pull request 'Update dependency io.jsonwebtoken:jjwt-api to v0.12.6' (!8 ) from renovate/io.jsonwebtoken-jjwt-api-0.x into main Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #8	2025-03-23 14:56:19 +01:00
Renovate Bot	6ffa22d7b5	Update dependency io.jsonwebtoken:jjwt-api to v0.12.6 Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2025-03-23 13:28:05 +00:00
Renovate Bot	dacdfd7935	Update dependency org.springframework.boot:spring-boot-starter-web to v3.4.4 Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2025-03-23 13:28:03 +00:00
Renovate Bot	a728e376f2	Update dependency org.springframework.boot:spring-boot-starter-security to v3.4.4 Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is failing Details	2025-03-23 12:27:16 +00:00
Renovate Bot	9890086810	Update dependency org.springframework.boot:spring-boot-starter-json to v3.4.4 Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2025-03-23 12:27:14 +00:00