upgrade vulnerable dependency

Neokil · Neokil · commit 9f02550878a9 · 2025-11-21T08:36:06.000+01:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,88 +3,88 @@ name: run tests
 on: [push]
 
 jobs:
-    test:
-        runs-on: ubuntu-latest
-        permissions:
-          contents: 'read'
-          id-token: 'write'
+  test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
 
-        steps:
-        - uses: actions/checkout@v4
-        - name: Authenticate to Google Cloud
-          id: auth
-          uses: google-github-actions/auth@v1
-          with:
-            token_format: access_token
-            workload_identity_provider: projects/949875736540/locations/global/workloadIdentityPools/external-pool/providers/github-provider
-            service_account: artifact-pusher@talon-artifacts.iam.gserviceaccount.com
-        - name: Login to GAR
-          uses: docker/login-action@v3
-          with:
-            registry: europe-west3-docker.pkg.dev
-            username: oauth2accesstoken
-            password: ${{ steps.auth.outputs.access_token }}
-        - uses: hoverkraft-tech/compose-action@v2.0.2
-        - name: Set up Java
-          uses: actions/setup-java@v4
-          with:
-            distribution: 'temurin'
-            java-version: '21'
-            cache: 'gradle'
-        - name: Install dependencies
-          run: |
-            sudo apt-get install jq curl
-        - name: Set Release version env variable
-          run: |
-            echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
-        - name: Run example
-          run: |
-            echo "running example";
-            sleep 5;
-            docker compose logs;
-            curl --location "http://localhost:9000/v1/users"
-            
-            ACCOUNT_RESPONSE=$(curl -s --location "http://localhost:9000/v1/accounts" \
-              --header "Content-Type: application/json" \
-              --data-raw '{
-                  "companyName": "demo",
-                  "email": "integrationtest@talon.one",
-                  "password": "Password1234!"
-              }');
-            export TALON_USER_ID=$(echo $ACCOUNT_RESPONSE | jq ".userId");
-            export TALON_USER_TOKEN=$(echo $ACCOUNT_RESPONSE | jq ".token" | tr -d '"');
-            USER_RESPONSE=$(curl -s --location "http://localhost:9000/v1/users/$TALON_USER_ID" \
-              --header "Authorization: Bearer $TALON_USER_TOKEN");
-            export TALON_ACCOUNT_ID=$(echo $USER_RESPONSE | jq ".accountId");
-            echo "User with ID $TALON_USER_ID and Token $TALON_USER_TOKEN was created for application $TALON_ACCOUNT_ID";
-            APPLICATION_RESPONSE=$(curl -s --location "http://localhost:9000/v1/applications" \
-              --header "Content-Type: application/json" \
-              --header "Authorization: Bearer $TALON_USER_TOKEN" \
-              --data-raw '{
-                  "name": "demo",
-                  "currency": "EUR",
-                  "timezone": "Europe/Berlin",
-                  "enableFlattenedCartItems": false
-              }');
-            export TALON_APPLICATION_ID=$(echo $USER_RESPONSE | jq ".id");
-            echo "Application with ID $TALON_APPLICATION_ID was created"
-            API_KEY_RESPONSE=$(curl -s -v --location "http://localhost:9000/v1/applications/$TALON_APPLICATION_ID/apikeys" \
-              --header "Content-Type: application/json" \
-              --header "Authorization: Bearer $TALON_USER_TOKEN" \
-              --data-raw '{
-                  "title": "Application HIT KEY",
-                  "expires": "2099-01-01T0:00:00Z"
-              }');
-            echo "Api-Key-Response: $API_KEY_RESPONSE";
-            export TALON_API_KEY=$(echo $API_KEY_RESPONSE | jq ".key" | tr -d '"');
-            echo "Api-Key $TALON_API_KEY created";
+    steps:
+      - uses: actions/checkout@v4
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v1
+        with:
+          token_format: access_token
+          workload_identity_provider: projects/949875736540/locations/global/workloadIdentityPools/external-pool/providers/github-provider
+          service_account: artifact-pusher@talon-artifacts.iam.gserviceaccount.com
+      - name: Login to GAR
+        uses: docker/login-action@v3
+        with:
+          registry: europe-west3-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      - uses: hoverkraft-tech/compose-action@v2.0.2
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "21"
+          cache: "gradle"
+      - name: Install dependencies
+        run: |
+          sudo apt-get install jq curl
+      - name: Set Release version env variable
+        run: |
+          echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
+      - name: Run example
+        run: |
+          echo "running example";
+          sleep 5;
+          docker compose logs;
+          curl --location "http://localhost:9000/v1/users"
 
-            echo "maven install";
-            mvn clean install;
-            export CLASSPATH=.:./src/main/java:./target/lib/gson-2.8.9.jar:./target/talon-one-client-${{ env.RELEASE_VERSION }}.jar:./target/lib/okio-1.17.2.jar:./target/lib/okhttp-3.14.7.jar:./target/lib/threetenbp-1.4.3.jar:./target/lib/gson-fire-1.8.4.jar;
-            
-            echo "java compile";
-            javac -d . Example.java;
+          ACCOUNT_RESPONSE=$(curl -s --location "http://localhost:9000/v1/accounts" \
+            --header "Content-Type: application/json" \
+            --data-raw '{
+                "companyName": "demo",
+                "email": "integrationtest@talon.one",
+                "password": "Password1234!"
+            }');
+          export TALON_USER_ID=$(echo $ACCOUNT_RESPONSE | jq ".userId");
+          export TALON_USER_TOKEN=$(echo $ACCOUNT_RESPONSE | jq ".token" | tr -d '"');
+          USER_RESPONSE=$(curl -s --location "http://localhost:9000/v1/users/$TALON_USER_ID" \
+            --header "Authorization: Bearer $TALON_USER_TOKEN");
+          export TALON_ACCOUNT_ID=$(echo $USER_RESPONSE | jq ".accountId");
+          echo "User with ID $TALON_USER_ID and Token $TALON_USER_TOKEN was created for application $TALON_ACCOUNT_ID";
+          APPLICATION_RESPONSE=$(curl -s --location "http://localhost:9000/v1/applications" \
+            --header "Content-Type: application/json" \
+            --header "Authorization: Bearer $TALON_USER_TOKEN" \
+            --data-raw '{
+                "name": "demo",
+                "currency": "EUR",
+                "timezone": "Europe/Berlin",
+                "enableFlattenedCartItems": false
+            }');
+          export TALON_APPLICATION_ID=$(echo $USER_RESPONSE | jq ".id");
+          echo "Application with ID $TALON_APPLICATION_ID was created"
+          API_KEY_RESPONSE=$(curl -s -v --location "http://localhost:9000/v1/applications/$TALON_APPLICATION_ID/apikeys" \
+            --header "Content-Type: application/json" \
+            --header "Authorization: Bearer $TALON_USER_TOKEN" \
+            --data-raw '{
+                "title": "Application HIT KEY",
+                "expires": "2099-01-01T0:00:00Z"
+            }');
+          echo "Api-Key-Response: $API_KEY_RESPONSE";
+          export TALON_API_KEY=$(echo $API_KEY_RESPONSE | jq ".key" | tr -d '"');
+          echo "Api-Key $TALON_API_KEY created";
 
-            echo "java execute";
-            java com.example.consumer.Example;
+          echo "maven install";
+          mvn clean install;
+          export CLASSPATH=.:./src/main/java:./target/lib/gson-2.8.9.jar:./target/talon-one-client-${{ env.RELEASE_VERSION }}.jar:./target/lib/okio-1.17.2.jar:./target/lib/okhttp-4.9.2.jar:./target/lib/threetenbp-1.4.3.jar:./target/lib/gson-fire-1.8.4.jar;
+
+          echo "java compile";
+          javac -d . Example.java;
+
+          echo "java execute";
+          java com.example.consumer.Example;
diff --git a/build.gradle b/build.gradle
@@ -100,8 +100,8 @@ if(hasProperty('target') && target == 'android') {
 dependencies {
     compile 'io.swagger:swagger-annotations:1.5.24'
     compile "com.google.code.findbugs:jsr305:3.0.2"
-    compile 'com.squareup.okhttp3:okhttp:3.14.7'
-    compile 'com.squareup.okhttp3:logging-interceptor:3.14.7'
+    compile 'com.squareup.okhttp3:okhttp:4.9.2'
+    compile 'com.squareup.okhttp3:logging-interceptor:4.9.2'
     compile 'com.google.code.gson:gson:2.8.6'
     compile 'io.gsonfire:gson-fire:1.8.4'
     compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.18.0'
diff --git a/build.sbt b/build.sbt
@@ -10,8 +10,8 @@ lazy val root = (project in file(".")).
     resolvers += Resolver.mavenLocal,
     libraryDependencies ++= Seq(
       "io.swagger" % "swagger-annotations" % "1.5.24",
-      "com.squareup.okhttp3" % "okhttp" % "3.14.7",
-      "com.squareup.okhttp3" % "logging-interceptor" % "3.14.7",
+      "com.squareup.okhttp3" % "okhttp" % "4.9.2",
+      "com.squareup.okhttp3" % "logging-interceptor" % "4.9.2",
       "com.google.code.gson" % "gson" % "2.8.6",
       "org.apache.commons" % "commons-lang3" % "3.18.0",
       "org.threeten" % "threetenbp" % "1.4.3" % "compile",
diff --git a/pom.xml b/pom.xml
@@ -285,7 +285,7 @@
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <gson-fire-version>1.8.4</gson-fire-version>
         <swagger-core-version>1.5.24</swagger-core-version>
-        <okhttp-version>3.14.7</okhttp-version>
+        <okhttp-version>4.9.2</okhttp-version>
         <gson-version>2.8.9</gson-version>
         <commons-lang3-version>3.18.0</commons-lang3-version>
         <threetenbp-version>1.4.3</threetenbp-version>
