From a5bedcd769dabc9b8d4507f1807fb5c519efd68e Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Tue, 24 Jun 2025 14:22:05 +0200
Subject: [PATCH 1/4] test: Do not rely on the current working directory in functional tests

Create a clean temporary directory instead.
---
 .../semver/plugin/gradle/GitSemverPluginFunctionalTest.kt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/functionalTest/kotlin/git/semver/plugin/gradle/GitSemverPluginFunctionalTest.kt b/src/functionalTest/kotlin/git/semver/plugin/gradle/GitSemverPluginFunctionalTest.kt
index 9265b01..924bac0 100644
--- a/src/functionalTest/kotlin/git/semver/plugin/gradle/GitSemverPluginFunctionalTest.kt
+++ b/src/functionalTest/kotlin/git/semver/plugin/gradle/GitSemverPluginFunctionalTest.kt
@@ -5,6 +5,7 @@ import org.eclipse.jgit.api.Git
 import org.gradle.testkit.runner.BuildResult
 import org.gradle.testkit.runner.GradleRunner
 import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.io.TempDir
 import org.junit.jupiter.params.ParameterizedTest
 import org.junit.jupiter.params.provider.Arguments
 import org.junit.jupiter.params.provider.CsvSource
@@ -18,6 +19,9 @@ import java.io.File
 class GitSemverPluginFunctionalTest {
     companion object {
+        @TempDir
+        lateinit var tempDir: File
+
         @JvmStatic
         fun gradleVersions(): List {
             return listOf(
@@ -125,7 +129,7 @@ class GitSemverPluginFunctionalTest {
         """.trimIndent();
         // Setup the test build
-        val projectDir = File("build/functionalTest")
+        val projectDir = tempDir.resolve("build/functionalTest")
         projectDir.mkdirs()
         projectDir.resolve(".gitignore").writeText(".gradle")
         projectDir.resolve("settings.gradle").writeText("include ':sub1'")
From 9b625428d0abafef602c188ccefc67b88e042f0e Mon Sep 17 00:00:00 2001
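Review bot: The `@TempDir` field added in the second hunk sits in the companion object, so it compiles to a static field and JUnit provisions it once per test class rather than once per test method; every test that then calls `tempDir.resolve("build/functionalTest")` in the third hunk writes into the same project directory, so the coupling between test methods that the old working-directory path had survives, only relocated. If more than one test method in this class sets up a project — the `@ParameterizedTest` and `CsvSource` imports suggest several runs — consider declaring it as an instance property instead, `@TempDir lateinit var tempDir: File` outside the companion object, so JUnit's default per-method lifecycle gives each run a fresh directory, or resolve a per-test subdirectory. The extra `build/functionalTest` nesting inside an already-temporary directory is no longer needed, though harmless. The test method containing the third hunk starts and ends outside the hunk.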
From: Sebastian Schuberth
Date: Tue, 24 Jun 2025 12:58:36 +0200
Subject: [PATCH 2/4] build: Migrate dependency versions to a version catalog

A central version catalog is easier to maintain and has become the de-facto standard.
---
 build.gradle.kts          | 20 ++++++++++----------
 gradle/libs.versions.toml | 21 +++++++++++++++++++++
 2 files changed, 31 insertions(+), 10 deletions(-)
 create mode 100644 gradle/libs.versions.toml

diff --git a/build.gradle.kts b/build.gradle.kts
index eedfe09..fcec93e 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -3,9 +3,9 @@ plugins {
     `java-gradle-plugin`
     // Apply the Kotlin JVM plugin to add support for Kotlin.
-    kotlin("jvm") version "1.9.10"
-    id("com.gradle.plugin-publish") version "1.2.1"
-    id("com.github.jmongard.git-semver-plugin") version "0.13.0"
+    alias(libs.plugins.kotlin.jvm)
+    alias(libs.plugins.plugin.publish)
+    alias(libs.plugins.git.semver)
     id("jacoco")
 }
@@ -22,14 +22,14 @@ repositories {
 }
 dependencies {
-    implementation(kotlin("stdlib"))
-    implementation("org.eclipse.jgit:org.eclipse.jgit:7.1.0.202411261347-r")
-    implementation("org.eclipse.jgit:org.eclipse.jgit.gpg.bc:7.1.0.202411261347-r")
-    implementation("org.slf4j:slf4j-api:1.7.36")
+    implementation(libs.kotlin.stdlib)
+    implementation(libs.jgit.core)
+    implementation(libs.jgit.gpg)
+    implementation(libs.slf4j.api)
-    testImplementation(kotlin("test-junit5"))
-    testImplementation("org.junit.jupiter:junit-jupiter-params")
-    testImplementation("org.assertj:assertj-core:3.27.2")
+    testImplementation(libs.kotlin.test.junit5)
+    testImplementation(libs.junit.jupiter.params)
+    testImplementation(libs.assertj.core)
 }
 gradlePlugin {
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
new file mode 100644
index 0000000..532bb3f
--- /dev/null
+++ b/gradle/libs.versions.toml
@@ -0,0 +1,21 @@
+[versions]
+assertj = "3.27.2"
+git-semver-plugin = "0.13.0"
+jgit = "7.1.0.202411261347-r"
+kotlin = "1.9.10"
+plugin-publish = "1.2.1"
+slf4j = "1.7.36"
+
+[plugins]
+git-semver = { id = "com.github.jmongard.git-semver-plugin", version.ref = "git-semver-plugin" }
+kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
+plugin-publish = { id = "com.gradle.plugin-publish", version.ref = "plugin-publish" }
+
+[libraries]
+assertj-core = { module = "org.assertj:assertj-core", version.ref = "assertj" }
+jgit-core = { module = "org.eclipse.jgit:org.eclipse.jgit", version.ref = "jgit" }
+jgit-gpg = { module = "org.eclipse.jgit:org.eclipse.jgit.gpg.bc", version.ref = "jgit" }
+junit-jupiter-params = { module = "org.junit.jupiter:junit-jupiter-params" }
+kotlin-stdlib = { module = "org.jetbrains.kotlin:kotlin-stdlib" }
+kotlin-test-junit5 = { module = "org.jetbrains.kotlin:kotlin-test-junit5" }
+slf4j-api = { module = "org.slf4j:slf4j-api", version.ref = "slf4j" }
From 64046611aa688c3adcbfca63286b39176197fa34 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Tue, 24 Jun 2025 13:03:15 +0200
Subject: [PATCH 3/4] build: Remove the Kotlin stdlib as an explicit dependency

The Kotlin Gradle Plugin add this automatically.
---
 build.gradle.kts          | 1 -
 gradle/libs.versions.toml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/build.gradle.kts b/build.gradle.kts
index fcec93e..7f73c38 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -22,7 +22,6 @@ repositories {
 }
 dependencies {
-    implementation(libs.kotlin.stdlib)
     implementation(libs.jgit.core)
     implementation(libs.jgit.gpg)
     implementation(libs.slf4j.api)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 532bb3f..946b984 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
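Review bot: In the new `[libraries]` table of the `@@ -0,0 +1,21 @@` hunk, `junit-jupiter-params`, `kotlin-stdlib` and `kotlin-test-junit5` carry no `version.ref`, which in a catalog reads like an omission rather than a decision, and the `kotlin` entry in `[versions]` is wired only to the plugin. The original build declared these without versions too, so resolution is unchanged; presumably the Kotlin Gradle Plugin aligns the `org.jetbrains.kotlin` artifacts to its own version and `junit-jupiter-params` takes its version from whatever JUnit BOM reaches the test classpath, but that should be confirmed and recorded (`kotlin-stdlib` is dropped again later in this series). A one-line comment above the table such as `# Unversioned entries are intentional: the Kotlin Gradle Plugin and the JUnit BOM on the test classpath supply their versions` would keep the next maintainer from adding a stray version. Sharing the single `jgit` ref between `jgit-core` and `jgit-gpg` is the right shape: both artifacts move together, which is exactly what the later JGit security bump in this series relies on.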
@@ -16,6 +16,5 @@ assertj-core = { module = "org.assertj:assertj-core", version.ref = "assertj" }
 jgit-core = { module = "org.eclipse.jgit:org.eclipse.jgit", version.ref = "jgit" }
 jgit-gpg = { module = "org.eclipse.jgit:org.eclipse.jgit.gpg.bc", version.ref = "jgit" }
 junit-jupiter-params = { module = "org.junit.jupiter:junit-jupiter-params" }
-kotlin-stdlib = { module = "org.jetbrains.kotlin:kotlin-stdlib" }
 kotlin-test-junit5 = { module = "org.jetbrains.kotlin:kotlin-test-junit5" }
 slf4j-api = { module = "org.slf4j:slf4j-api", version.ref = "slf4j" }
From c14b2f2e459050a25ff5daaed30598f7d39a4b51 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Tue, 24 Jun 2025 14:26:04 +0200
Subject: [PATCH 4/4] deps: Upgrade JGit to address CVE-2025-4949

---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 946b984..005c0d5 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,7 +1,7 @@
 [versions]
 assertj = "3.27.2"
 git-semver-plugin = "0.13.0"
-jgit = "7.1.0.202411261347-r"
+jgit = "7.3.0.202506031305-r"
 kotlin = "1.9.10"
 plugin-publish = "1.2.1"
 slf4j = "1.7.36"