mirror of
https://github.com/LamGC/ScalaBot.git
synced 2025-04-29 22:27:31 +00:00
LamGC
90110335f5
CVE-2022-42004 漏洞报告指出, 由于 jackson-databind 的有关错误, 导致对象序列化过程可能存在数据错误的问题, 目前 jackson-databind 已发布 2.13.4.2 版本以解决该问题, 由于引入 jackson-databind 的 telegrambots 库尚未发布针对该问题的修复版本, 故在本项目中引入新版依赖项, 以确保用户不受该问题影响. 该版本已在 TelegramBots 项目(版本 6.1.0)中进行测试, 测试通过. ------------------------------------------ https://devhub.checkmarx.com/cve-details/CVE-2022-42004/
114 lines
3.5 KiB
Plaintext
114 lines
3.5 KiB
Plaintext
plugins {
|
|
kotlin("jvm")
|
|
java
|
|
jacoco
|
|
`maven-publish`
|
|
signing
|
|
id("org.jetbrains.kotlinx.binary-compatibility-validator") version "0.11.1"
|
|
}
|
|
|
|
dependencies {
|
|
implementation("commons-codec:commons-codec:1.15")
|
|
api("org.telegram:telegrambots-abilities:6.1.0")
|
|
api("org.slf4j:slf4j-api:2.0.0")
|
|
|
|
// Added as a mitigation measure for vulnerabilities.
|
|
// When the relevant reference dependency updates it, it will be removed.
|
|
implementation("com.fasterxml.jackson.core:jackson-databind:2.13.4.2")
|
|
|
|
testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.0")
|
|
testImplementation("org.mockito:mockito-core:4.7.0")
|
|
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
|
}
|
|
|
|
tasks.withType<Javadoc> {
|
|
options {
|
|
encoding = "UTF-8"
|
|
}
|
|
}
|
|
|
|
java {
|
|
withJavadocJar()
|
|
withSourcesJar()
|
|
sourceCompatibility = JavaVersion.VERSION_11
|
|
targetCompatibility = JavaVersion.VERSION_11
|
|
}
|
|
|
|
tasks.test {
|
|
useJUnitPlatform()
|
|
finalizedBy(tasks.jacocoTestReport)
|
|
}
|
|
|
|
tasks.jacocoTestReport {
|
|
dependsOn(tasks.test)
|
|
}
|
|
|
|
tasks.withType<AbstractArchiveTask>().configureEach {
|
|
isPreserveFileTimestamps = false
|
|
isReproducibleFileOrder = true
|
|
}
|
|
|
|
publishing {
|
|
repositories {
|
|
if (project.version.toString().endsWith("-SNAPSHOT")) {
|
|
maven("https://nexus.kuku.me/repository/maven-snapshots/") {
|
|
credentials {
|
|
username = project.properties["repo.credentials.private.username"].toString()
|
|
password = project.properties["repo.credentials.private.password"].toString()
|
|
}
|
|
}
|
|
} else {
|
|
maven("https://nexus.kuku.me/repository/maven-releases/") {
|
|
credentials {
|
|
username = project.properties["repo.credentials.private.username"].toString()
|
|
password = project.properties["repo.credentials.private.password"].toString()
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
publications {
|
|
create<MavenPublication>("maven") {
|
|
from(components["java"])
|
|
|
|
pom {
|
|
name.set("ScalaBot-Extension-api")
|
|
description.set(
|
|
"Dependencies for developing scalabot " +
|
|
"(a robotic application based on the TelegramBots[Github@rubenlagus/TelegramBots] project)"
|
|
)
|
|
url.set("https://github.com/LamGC/ScalaBot")
|
|
licenses {
|
|
license {
|
|
name.set("The MIT License")
|
|
url.set("https://www.opensource.org/licenses/mit-license.php")
|
|
}
|
|
}
|
|
developers {
|
|
developer {
|
|
id.set("LamGC")
|
|
name.set("LamGC")
|
|
email.set("lam827@lamgc.net")
|
|
url.set("https://github.com/LamGC")
|
|
}
|
|
}
|
|
scm {
|
|
connection.set("scm:git:https://github.com/LamGC/ScalaBot.git")
|
|
developerConnection.set("scm:git:https://github.com/LamGC/ScalaBot.git")
|
|
url.set("https://github.com/LamGC/ScalaBot")
|
|
}
|
|
issueManagement {
|
|
url.set("https://github.com/LamGC/ScalaBot/issues")
|
|
system.set("Github Issues")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
signing {
|
|
useGpgCmd()
|
|
sign(publishing.publications["maven"])
|
|
}
|