From b9c4d919cfb2328b666522d5d3b6ddd9fc21cdb6 Mon Sep 17 00:00:00 2001 From: qaate47 Date: Fri, 29 Nov 2024 11:55:01 +0100 Subject: [PATCH 1/2] prepare for version 2.3.0 --- pom.xml | 2 +- qendpoint-backend/pom.xml | 4 ++-- qendpoint-cli/pom.xml | 4 ++-- qendpoint-core/pom.xml | 4 ++-- qendpoint-store/pom.xml | 4 ++-- release/RELEASE.md | 8 +++----- release/RELEASE.md_old | 7 +++++++ 7 files changed, 19 insertions(+), 14 deletions(-) diff --git a/pom.xml b/pom.xml index 911690d5..e4845c97 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ com.the-qa-company qendpoint-parent - 2.2.0 + 2.3.0 pom diff --git a/qendpoint-backend/pom.xml b/qendpoint-backend/pom.xml index 6b75e331..514353b7 100644 --- a/qendpoint-backend/pom.xml +++ b/qendpoint-backend/pom.xml @@ -4,7 +4,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 qendpoint-backend - 2.2.0 + 2.3.0 jar @@ -15,7 +15,7 @@ com.the-qa-company qendpoint-parent - 2.2.0 + 2.3.0 diff --git a/qendpoint-cli/pom.xml b/qendpoint-cli/pom.xml index f37f6121..ce9067db 100644 --- a/qendpoint-cli/pom.xml +++ b/qendpoint-cli/pom.xml @@ -2,7 +2,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> 4.0.0 qendpoint-cli - 2.2.0 + 2.3.0 qendpoint package Package of the qendpoint. @@ -11,7 +11,7 @@ com.the-qa-company qendpoint-parent - 2.2.0 + 2.3.0 diff --git a/qendpoint-core/pom.xml b/qendpoint-core/pom.xml index d0522ca2..d390abb2 100644 --- a/qendpoint-core/pom.xml +++ b/qendpoint-core/pom.xml @@ -4,7 +4,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 qendpoint-core - 2.2.0 + 2.3.0 jar @@ -27,7 +27,7 @@ com.the-qa-company qendpoint-parent - 2.2.0 + 2.3.0 diff --git a/qendpoint-store/pom.xml b/qendpoint-store/pom.xml index 308b1c1f..62bcdf64 100644 --- a/qendpoint-store/pom.xml +++ b/qendpoint-store/pom.xml 
@@ -3,7 +3,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 qendpoint - 2.2.0 + 2.3.0 jar @@ -13,7 +13,7 @@ com.the-qa-company qendpoint-parent - 2.2.0 + 2.3.0 diff --git a/release/RELEASE.md b/release/RELEASE.md index 7159f359..99c7593a 100644 --- a/release/RELEASE.md +++ b/release/RELEASE.md @@ -1,5 +1,3 @@ -- update rdf4j to 5.1.0 -- add lucene option to set thresholds (#485) -- fix issue with bitmap not enabled (#506) -- add reload dl (#499) -- add bounds to errors (#498) +- cache constants in query optimiser (#527) +- update spring to 3.4.0 (#518) +- remove rdf4j solr from the backend dependencies (#518) diff --git a/release/RELEASE.md_old b/release/RELEASE.md_old index 71c4f905..73155377 100644 --- a/release/RELEASE.md_old +++ b/release/RELEASE.md_old @@ -1,3 +1,10 @@ +## Version 2.2.0 + +- update rdf4j to 5.1.0 +- add lucene option to set thresholds (#485) +- fix issue with bitmap not enabled (#506) +- add reload dl (#499) +- add bounds to errors (#498) ## Version 2.1.2 - fix HDT loading issues (#494) From e61ce1283b1f8106c8ab8e5ceb5489b5adf64702 Mon Sep 17 00:00:00 2001 From: Antoine Willerval Date: Mon, 16 Dec 2024 14:15:28 +0100 Subject: [PATCH 2/2] GH-549 Security (#550) --- .github/workflows/security.yml | 52 ++++++++++++++++++++++++++++++++++ qendpoint-core/pom.xml | 9 +++++- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 00000000..f340a1bb --- /dev/null +++ b/.github/workflows/security.yml 
@@ -0,0 +1,52 @@
+name: Scan
+
+on:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.ref }}-scan
+ cancel-in-progress: true
+
+jobs:
+ publish:
+ name: Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up JDK
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'microsoft'
+ java-version: 17
+ - name: Use Node.js 16
+ uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ cache-dependency-path: qendpoint-frontend/package-lock.json
+ - name: Install frontend dependencies
+ run: npm ci --legacy-peer-deps
+ working-directory: qendpoint-frontend
+ - name: Compiling frontend
+ run: npm run build --if-present
+ working-directory: qendpoint-frontend
+ - name: Put frontend in backend
+ run: |
+ mkdir -p qendpoint-backend/src/main/resources/static/
+ cp -r qendpoint-frontend/build/* qendpoint-backend/src/main/resources/static/
+ - name: Compile qendpoint
+ run: mvn install -DskipTests
+ - name: move endpoint
+ run: mv qendpoint-backend/target/qendpoint-*-exec.jar qendpoint.jar
+ - name: Build an image from Dockerfile
+ run: 'docker build -t docker.io/the-qa-company/qendpoint:${{ github.sha }} -f scripts/Dockerfile .'
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ image-ref: 'docker.io/the-qa-company/qendpoint:${{ github.sha }}'
+ format: 'table'
+ exit-code: '0'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+
diff --git a/qendpoint-core/pom.xml b/qendpoint-core/pom.xml
index d390abb2..5a8cac4a 100644
--- a/qendpoint-core/pom.xml
+++ b/qendpoint-core/pom.xml
@@ -47,6 +47,7 @@ 2.7.5 1.5.6 0.9.44 + 1.26.0 4.3.2 1.7.30
@@ -75,7 +76,7 @@ org.apache.commons commons-compress - 1.21 + ${commons-compress.version} org.apache.jena
@@ -91,6 +92,12 @@ org.apache.jena jena-arq ${jena.version} + + + com.google.protobuf + protobuf-java + + pl.pragmatists
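Review bot: In `.github/workflows/security.yml` the Trivy step sets `exit-code: '0'` and the only trigger is `workflow_dispatch`, so CRITICAL/HIGH findings are printed in the job log but never fail a run, and nothing is scanned unless someone starts the workflow by hand. If the scan is meant to gate releases, use `exit-code: '1'` and add a `schedule:` or `pull_request:` trigger; if it is meant to be advisory, a comment above the step such as `# advisory only: findings do not fail the job` would stop readers from taking a green run as a clean image. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for checkout and build. `aquasecurity/trivy-action@0.28.0` is referenced by a tag, which can be moved, so pinning it to a full commit SHA (`uses: aquasecurity/trivy-action@<commit-sha> # 0.28.0`) keeps the scanner itself reproducible. `cache-dependency-path` on the setup-node step has no effect without `cache: npm` next to it.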
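Review bot: In `qendpoint-core/pom.xml` the last hunk (`@@ -91,6 +92,12 @@`) excludes `com.google.protobuf:protobuf-java` from `jena-arq` with no comment explaining why, and the commit message says only "GH-549 Security". An exclusion removes the classes rather than upgrading them, so any jena-arq code path that needs protobuf (its RDF Protobuf reader/writer, if the Jena version in use ships one) would fail at runtime with `NoClassDefFoundError` instead of at build time. I would add `<!-- GH-549: protobuf-java excluded for security; Jena's protobuf RDF format is not used by qendpoint -->` above the exclusion if that statement holds, or pin a fixed protobuf-java version under `dependencyManagement` if it does not. The XML markup is not visible in this view of the hunk, so the exact placement is inferred from the surrounding coordinates.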