Yubico
diff --git a/‎.github/dependabot.yml
Lines changed: 8 additions & 0 deletions b/‎.github/dependabot.yml
Lines changed: 8 additions & 0 deletions
diff --git a/‎NEWS
Lines changed: 6 additions & 0 deletions b/‎NEWS
Lines changed: 6 additions & 0 deletions
diff --git a/‎build.gradle
Lines changed: 35 additions & 30 deletions b/‎build.gradle
Lines changed: 35 additions & 30 deletions
diff --git a/‎doc/releasing.md
Lines changed: 16 additions & 4 deletions b/‎doc/releasing.md
Lines changed: 16 additions & 4 deletions
diff --git a/‎webauthn-server-demo/build.gradle
Lines changed: 0 additions & 24 deletions b/‎webauthn-server-demo/build.gradle
Lines changed: 0 additions & 24 deletions
diff --git a/‎webauthn-server-demo/deploy.sh
Lines changed: 0 additions & 20 deletions b/‎webauthn-server-demo/deploy.sh
Lines changed: 0 additions & 20 deletions
diff --git a/‎webauthn-server-demo/docker/Dockerfile
Lines changed: 0 additions & 7 deletions b/‎webauthn-server-demo/docker/Dockerfile
Lines changed: 0 additions & 7 deletions
diff --git a/‎webauthn-server-demo/docker/server.xml
Lines changed: 0 additions & 167 deletions b/‎webauthn-server-demo/docker/server.xml
Lines changed: 0 additions & 167 deletions
@@ -0,0 +1,8 @@
+# See https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "daily"
@@ -1,3 +1,9 @@
+== Version 1.6.4 ==
+
+- Changed dependency declarations to version ranges
+- Bumped Guava dependency to version [24.1.1,30) in response to CVE-2018-10237
+
+
 == Version 1.6.3 ==
 
 webauthn-server-attestation:
 
@@ -3,13 +3,13 @@ buildscript {
     mavenCentral()
   }
   dependencies {
-    classpath 'com.cinnober.gradle:semver-git:2.4.0'
+    classpath 'com.cinnober.gradle:semver-git:2.5.0'
   }
 }
 plugins {
-  id 'com.github.kt3k.coveralls' version '2.8.4'
-  id 'io.codearte.nexus-staging' version '0.9.0'
-  id 'io.franzbecker.gradle-lombok' version '3.1.0'
+  id 'com.github.kt3k.coveralls' version '2.10.1'
+  id 'io.codearte.nexus-staging' version '0.21.2'
+  id 'io.franzbecker.gradle-lombok' version '4.0.0'
 }
 
 import io.franzbecker.gradle.lombok.LombokPlugin
@@ -49,39 +49,44 @@ allprojects {
 }
 
 Map<String, String> dependencyVersions = [
-  'ch.qos.logback:logback-classic:1.2.3',
-  'com.augustcellars.cose:cose-java:1.0.0',
-  'com.fasterxml.jackson.core:jackson-databind:2.11.0',
-  'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.11.0',
-  'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.11.0',
-  'com.google.guava:guava:19.0',
-  'com.upokecenter:cbor:4.0.1',
-  'javax.activation:activation:1.1.1',
-  'javax.ws.rs:javax.ws.rs-api:2.1',
-  'javax.xml.bind:jaxb-api:2.3.0',
-  'junit:junit:4.12',
-  'org.apache.httpcomponents:httpclient:4.5.2',
-  'org.bouncycastle:bcpkix-jdk15on:1.62',
-  'org.bouncycastle:bcprov-jdk15on:1.62',
-  'org.eclipse.jetty:jetty-server:9.4.9.v20180320',
-  'org.eclipse.jetty:jetty-servlet:9.4.9.v20180320',
-  'org.glassfish.jersey.containers:jersey-container-servlet-core:2.26',
-  'org.glassfish.jersey.containers:jersey-container-servlet:2.26',
-  'org.glassfish.jersey.inject:jersey-hk2:2.26',
-  'org.mockito:mockito-core:2.27.0',
-  'org.scala-lang:scala-library:2.13.1',
-  'org.scalacheck:scalacheck_2.13:1.14.0',
-  'org.scalatest:scalatest_2.13:3.0.8',
-  'org.slf4j:slf4j-api:1.7.25',
+  'ch.qos.logback:logback-classic:[1.2.3,2)',
+  'com.augustcellars.cose:cose-java:[1.0.0,2)',
+  'com.fasterxml.jackson.core:jackson-databind:[2.11.0,3)',
+  'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:[2.11.0,3)',
+  'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:[2.11.0,3)',
+  'com.google.guava:guava:[24.1.1,30)',
+  'com.upokecenter:cbor:[4.0.1,5)',
+  'javax.activation:activation:[1.1.1,2)',
+  'javax.ws.rs:javax.ws.rs-api:[2.1,3)',
+  'javax.xml.bind:jaxb-api:[2.3.0,3)',
+  'junit:junit:[4.12,5)',
+  'org.apache.httpcomponents:httpclient:[4.5.2,5)',
+  'org.bouncycastle:bcpkix-jdk15on:[1.62,2)',
+  'org.bouncycastle:bcprov-jdk15on:[1.62,2)',
+  'org.eclipse.jetty:jetty-server:[9.4.9.v20180320,10)',
+  'org.eclipse.jetty:jetty-servlet:[9.4.9.v20180320,10)',
+  'org.glassfish.jersey.containers:jersey-container-servlet-core:[2.26,3)',
+  'org.glassfish.jersey.containers:jersey-container-servlet:[2.26,3)',
+  'org.glassfish.jersey.inject:jersey-hk2:[2.26,3)',
+  'org.mockito:mockito-core:[2.27.0,3)',
+  'org.scala-lang:scala-library:[2.13.1,3)',
+  'org.scalacheck:scalacheck_2.13:[1.14.0,2)',
+  'org.scalatest:scalatest_2.13:[3.0.8,3.1)',
+  'org.slf4j:slf4j-api:[1.7.25,2)',
 ].collectEntries { [(it.split(':')[0..1].join(':')): it] }
 rootProject.ext.addVersion = { dep -> dependencyVersions[dep] }
 
 subprojects {
   apply plugin: LombokPlugin
 
   lombok {
-    version '1.18.8'
-    sha256 = '0396952823579b316a0fe85cbd871bbb3508143c2bcbd985dd7800e806cb24fc'
+    version '1.18.10'
+    sha256 = '2836e954823bfcbad45e78c18896e3d01058e6f643749810c608b7005ee7b2fa'
+  }
+  tasks.withType(AbstractCompile) {
+    if (tasks.findByName('verifyLombok')) {
+      dependsOn tasks.verifyLombok
+    }
   }
 
   repositories {
 
@@ -28,13 +28,19 @@ Release candidate versions
     $ ./gradlew publish closeAndReleaseRepository
     ```
 
- 6. Push to GitHub:
+ 6. Wait for the artifacts to become downloadable at
+    https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/1.4.0/ . This
+    is needed for one of the GitHub Actions release workflows and usually takes
+    less than 30 minutes (long before the artifacts become searchable on the
+    main Maven Central website).
+
+ 7. Push to GitHub:
 
     ```
     $ git push origin master 1.4.0-RC1
     ```
 
- 7. Make GitHub release.
+ 8. Make GitHub release.
 
     - Use the new tag as the release tag
     - Check the pre-release checkbox
@@ -106,13 +112,19 @@ Release versions
     $ ./gradlew publish closeAndReleaseRepository
     ```
 
- 9. Push to GitHub:
+ 9. Wait for the artifacts to become downloadable at
+    https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/1.4.0/ . This
+    is needed for one of the GitHub Actions release workflows and usually takes
+    less than 30 minutes (long before the artifacts become searchable on the
+    main Maven Central website).
+
+10. Push to GitHub:
 
     ```
     $ git push origin master 1.4.0
     ```
 
-10. Make GitHub release.
+11. Make GitHub release.
 
     - Use the new tag as the release tag
     - Copy the release notes from `NEWS` into the GitHub release notes; reformat
 
@@ -3,14 +3,8 @@ plugins {
   id 'war'
   id 'application'
   id 'scala'
-  id 'com.bmuschko.docker-remote-api' version '3.6.1'
 }
 
-import com.bmuschko.gradle.docker.tasks.image.DockerBuildImage
-
-project.ext.dockerGroup = 'yubico'
-project.ext.dockerName = project.name
-
 description = 'WebAuthn demo'
 
 configurations {
@@ -76,21 +70,3 @@ mainClassName = 'demo.webauthn.EmbeddedServer'
     }
   }
 }
-
-task dockerPrepare(type: Sync) {
-  from file('docker')
-  from file('keystore.jks')
-  from(war.outputs) {
-    rename ~/${war.baseName}.*\.${war.extension}/, "${war.baseName}.${war.extension}"
-  }
-  into file("${project.buildDir}/docker")
-}
-
-task dockerBuild(type: DockerBuildImage) {
-  inputs.files dockerPrepare.outputs.files
-  inputDir = dockerPrepare.destinationDir
-  tags = [
-    "${project.dockerGroup}/${project.dockerName}:${project.version}",
-    "${project.dockerGroup}/${project.dockerName}:latest",
-  ]
-}