* Update lock files
* Replace usage of org.apache.commons.lang3 with guava
* Update vulnerable version of cron-utils
Update cron-utils from version 9.1.3 to 9.1.6.
Version 9.1.6 fixes an arbitrary code execution
vulnerability (CVE-2021-41269).
SCM-Manager is not affected by this issue,
because it is related to the EL parsing
of an annotation which we don't use.
Enable Gradle dependency locking for all subprojects. This change allows us to use dependency ranges without losing reproducible builds.
It also makes it easier for third-party services such as Snyk to detect dependencies and their versions.
Sets the HEAD for new Git repositories to the default branch (this is 'main' for the default configuration).
This change led to errors in unit tests that depended on the 'master' branch.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
When SCM-Manager is used behind a reverse proxy like
Nginx, it may be the case that LFS PUT requests are
buffered by the reverse proxy and will be sent to the
SCM-Manager after the whole file has been received. Due
to the expiration time of 5 minutes for the authentication
token that had been requested by Git before the upload
has been started, this request from the proxy to
SCM-Manager fails if the upload from the client to the
reverse proxy took longer than these 5 minutes.
To solve this, we make this expiration time configurable,
so that whenever you have very large files or small
bandwidth the expiration timeout can be increased.
With the migration to Gradle we lost the JUnit 5 integration tests. This is fixed here. In addition, we have to adapt the AnonymousAccessITCase to the change that the anonymous access is disabled when creating the default test data.
Migrates the existing e2e tests towards a Cucumber BDD style and utilizes the integration-test-runner package.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>