From ac047d146ccd1fb644b8a227b85fcd952e3042e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maren=20S=C3=BCwer?= <maren.suewer@cloudogu.com>
Date: Thu, 1 Aug 2024 15:21:31 +0200
Subject: [PATCH 01/11] change structure of release notes

---
 docs/gui/release_notes_de.md | 2 +-
 docs/gui/release_notes_en.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
index e5dbf6d2..e537dc37 100644
--- a/docs/gui/release_notes_de.md
+++ b/docs/gui/release_notes_de.md
@@ -10,6 +10,6 @@ Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Cha
 
 ## Release 1.7.2-1
 
-> Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.
+**Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.**
 
 Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
\ No newline at end of file
diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
index bb5c43a2..c9d3a610 100644
--- a/docs/gui/release_notes_en.md
+++ b/docs/gui/release_notes_en.md
@@ -10,6 +10,6 @@ We have only made technical changes. You can find more details in the changelogs
 
 ## Release 1.7.2-1
 
-> The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.
+**The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.**
 
 We have only made technical changes. You can find more details in the changelogs.
\ No newline at end of file

From f045f7d644fae9baa9e8f7ec4db69ad3b9f5895a Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 10:47:38 +0200
Subject: [PATCH 02/11] update maven dependencies

---
 pom.xml | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/pom.xml b/pom.xml
index 58aa2b8b..a1163be1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.0.5</version>
+        <version>3.3.2</version>
         <relativePath/>
     </parent>
 
@@ -39,7 +39,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>6.0.7</version>
+            <version>6.1.11</version>
         </dependency>
 
         <dependency>
@@ -62,7 +62,7 @@
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>2.0</version>
+            <version>2.2</version>
         </dependency>
 
         <dependency>
@@ -149,7 +149,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>30.1-jre</version>
+            <version>33.2.1-jre</version>
         </dependency>
 
         <!-- logging -->
@@ -157,20 +157,20 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.5</version>
+            <version>2.0.13</version>
         </dependency>
 
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.4.6</version>
+            <version>1.5.6</version>
         </dependency>
 
         <!-- Used to extract the version at runtime -->
         <dependency>
             <groupId>com.cloudogu.versionName</groupId>
             <artifactId>versionName</artifactId>
-            <version>2.0.0</version>
+            <version>2.1.0</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -181,20 +181,20 @@
         <dependency>
             <groupId>org.jetbrains</groupId>
             <artifactId>annotations</artifactId>
-            <version>RELEASE</version>
+            <version>24.1.0</version>
             <scope>compile</scope>
         </dependency>
 
         <dependency>
             <groupId>jakarta.servlet</groupId>
             <artifactId>jakarta.servlet-api</artifactId>
-            <version>6.0.0</version>
+            <version>6.1.0</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.httpcomponents.client5</groupId>
             <artifactId>httpclient5</artifactId>
-            <version>5.2.1</version>
+            <version>5.3.1</version>
         </dependency>
 
     </dependencies>
@@ -288,7 +288,7 @@
                     </execution>
                     <execution>
                         <id>run-test</id>
-                        <!-- use prepare-package to avoid installing durring spring-boot:run -->
+                        <!-- use prepare-package to avoid installing during spring-boot:run -->
                         <phase>test</phase>
                         <goals>
                             <goal>run</goal>
@@ -299,7 +299,7 @@
                     </execution>
                     <execution>
                         <id>run-build</id>
-                        <!-- use prepare-package to avoid installing durring spring-boot:run -->
+                        <!-- use prepare-package to avoid installing during spring-boot:run -->
                         <phase>prepare-package</phase>
                         <goals>
                             <goal>run</goal>
@@ -383,9 +383,15 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <cas-client.version>4.0.1</cas-client.version>
-        <java.version>17</java.version>
-        <jaxb.version>2.3.0</jaxb.version>
+        <cas-client.version>4.0.4</cas-client.version>
+        <jaxb.version>2.3.1</jaxb.version>
         <jgit.version>5.1.16.202106041830-r</jgit.version>
     </properties>
+    <repositories>
+        <repository>
+            <id>maven_central</id>
+            <name>Maven Central</name>
+            <url>https://repo.maven.apache.org/maven2/</url>
+        </repository>
+    </repositories>
 </project>

From 001cbfb131ad17b4f31590b67ab89f87a6219550 Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 10:50:23 +0200
Subject: [PATCH 03/11] update to java 21

---
 Dockerfile | 4 ++--
 pom.xml    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4e5b2006..e9c95ada 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17.0.11_9-jdk as builder
+FROM eclipse-temurin:21.0.4_7-jdk as builder
 
 ENV SMEAGOL_DIR=/usr/src/smeagol
 COPY mvnw pom.xml package.json yarn.lock .prettierrc ${SMEAGOL_DIR}/
@@ -16,7 +16,7 @@ RUN set -x \
 
 
 
-FROM registry.cloudogu.com/official/java:17.0.11-3
+FROM registry.cloudogu.com/official/java:21.0.3-4
 LABEL NAME="official/smeagol" \
       VERSION="1.7.2-2" \
       maintainer="hello@cloudogu.com"
diff --git a/pom.xml b/pom.xml
index a1163be1..8eaab1cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -384,6 +384,7 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <cas-client.version>4.0.4</cas-client.version>
+        <java.version>21</java.version>
         <jaxb.version>2.3.1</jaxb.version>
         <jgit.version>5.1.16.202106041830-r</jgit.version>
     </properties>

From a125b140963a9f08385bfcc78442a5396578203f Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 10:50:34 +0200
Subject: [PATCH 04/11] update to node 22.5.1

---
 package.json | 2 +-
 pom.xml      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index e222cf12..2c8a25cf 100644
--- a/package.json
+++ b/package.json
@@ -5,13 +5,13 @@
   "dependencies": {
     "ces-theme": "https://github.com/cloudogu/ces-theme.git#v0.7.2",
     "classnames": "^2.2.5",
+    "dayjs": "^1.11.10",
     "highlight.js": "^10.4.1",
     "history": "^4.7.2",
     "i18next": "^10.3.0",
     "i18next-browser-languagedetector": "^2.1.0",
     "i18next-fetch-backend": "^0.1.0",
     "i18next-resource-store-loader": "^0.1.2",
-    "dayjs": "^1.11.10",
     "object-assign": "4.1.1",
     "promise": "8.0.1",
     "query-string": "^5.0.1",
diff --git a/pom.xml b/pom.xml
index 8eaab1cd..a5a7672a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -269,11 +269,11 @@
                 <version>2.5.0</version>
                 <configuration>
                     <node>
-                        <version>18.7.0</version>
+                        <version>22.5.1</version>
                     </node>
                     <pkgManager>
                         <type>YARN</type>
-                        <version>1.22.19</version>
+                        <version>1.22.22</version>
                     </pkgManager>
                     <pkg/>
                     <script/>

From 041a7c9a05136a9a5be715d1088a657cb2cb73f6 Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 12:11:25 +0200
Subject: [PATCH 05/11] update maven wrapper

---
 .mvn/wrapper/maven-wrapper.properties | 2 +-
 pom.xml                               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
index be4fea70..c04415a1 100644
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -1 +1 @@
-distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip
diff --git a/pom.xml b/pom.xml
index a5a7672a..e1d5c410 100644
--- a/pom.xml
+++ b/pom.xml
@@ -314,7 +314,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <source>${java.version}</source>
                     <target>${java.version}</target>

From b8e326b631fd41de19c10e575abc3c3c21249577 Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 12:44:35 +0200
Subject: [PATCH 06/11] fix jenkins java version for build

---
 Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 5cd4734e..de94eea9 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -22,7 +22,7 @@ parallel(
     node() { // No specific label
       timestamps {
 
-        def mvnDockerName = '3.6-openjdk-17'
+        def mvnDockerName = '3.9.8-eclipse-temurin-21'
         Maven mvn = new MavenInDocker(this, mvnDockerName)
 
         stage('Checkout') {

From 7d3a28cffd0690b2e67025c516e6351e03b9e352 Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 13:29:31 +0200
Subject: [PATCH 07/11] add changelog

---
 CHANGELOG.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d90b3373..d2b5cd8b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+- [#220] Update base image to java:21.0.3-4
+- [#220] Update Sprint Boot Starter to 3.3.2
+- [#220] Update Spring to 6.1.11
+- [#220] Update CAS-Client to 4.0.4
+- [#220] Update Maven to 3.9.8
+- [#220] Update JAXB to 2.3.1
+- [#220] Update Snakeyaml to 2.2
+- [#220] Update Guava to 33.2.1-jre
+- [#220] Update slf4j to 2.0.13
+- [#220] Update Logback to 1.5.6
+- [#220] Update cloudogu/VersionName to 2.1.0
+- [#220] Update jakarta.servlet-api to 6.1.0
+- [#220] Update httpclient5 to 5.3.1
+- [#220] Update NodeJs dev-server to 22.5.1
+- [#220] Update Yarn to 1.22.22
+
+### Fixed
+- [#220] use pinned version of jetbrains annotations 24.1.0
+- [#220] fix [Fasterxml DoS vulnerability](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)
+
 ## [v1.7.2-2] - 2024-07-01
 ### Changed
 - Update base image to java:17.0.11-3 to use doguctl v0.12.0 (#92)

From 6513f9d78758d74cdc67f61de8479a8bf2d2f0dd Mon Sep 17 00:00:00 2001
From: Alexander Dammeier <alexander.dammeier@cloudogu.com>
Date: Mon, 5 Aug 2024 13:38:35 +0200
Subject: [PATCH 08/11] update jacoco to fix coder coverage

---
 CHANGELOG.md | 1 +
 pom.xml      | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2b5cd8b..e4177d23 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [#220] Update httpclient5 to 5.3.1
 - [#220] Update NodeJs dev-server to 22.5.1
 - [#220] Update Yarn to 1.22.22
+- [#220] Update Jacoco to 0.8.12
 
 ### Fixed
 - [#220] use pinned version of jetbrains annotations 24.1.0
diff --git a/pom.xml b/pom.xml
index e1d5c410..57cb3775 100644
--- a/pom.xml
+++ b/pom.xml
@@ -328,7 +328,7 @@
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.8</version>
+                    <version>0.8.12</version>
                 </plugin>
             </plugins>
         </pluginManagement>

From c4b6d1eccb1ee75d47c6c2563064624be1272280 Mon Sep 17 00:00:00 2001
From: Robert Auer <robert.auer@cloudogu.com>
Date: Mon, 5 Aug 2024 14:36:38 +0200
Subject: [PATCH 09/11] Bump version

---
 Dockerfile   | 2 +-
 dogu.json    | 2 +-
 package.json | 2 +-
 pom.xml      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e9c95ada..9020fe80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ RUN set -x \
 
 FROM registry.cloudogu.com/official/java:21.0.3-4
 LABEL NAME="official/smeagol" \
-      VERSION="1.7.2-2" \
+      VERSION="1.7.3-1" \
       maintainer="hello@cloudogu.com"
 
 ENV SERVICE_TAGS=webapp \
diff --git a/dogu.json b/dogu.json
index 2467207e..3a960e52 100644
--- a/dogu.json
+++ b/dogu.json
@@ -1,6 +1,6 @@
 {
   "Name": "official/smeagol",
-  "Version": "1.7.2-2",
+  "Version": "1.7.3-1",
   "DisplayName": "Smeagol",
   "Description": "Store your technical documentation with in your git repositories",
   "Category": "Development Apps",
diff --git a/package.json b/package.json
index 2c8a25cf..e72e2560 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "smeagol",
-  "version": "1.7.2-2",
+  "version": "1.7.3-1",
   "private": true,
   "dependencies": {
     "ces-theme": "https://github.com/cloudogu/ces-theme.git#v0.7.2",
diff --git a/pom.xml b/pom.xml
index 57cb3775..27bd56fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
 
     <groupId>com.cloudogu.wiki</groupId>
     <artifactId>smeagol</artifactId>
-    <version>1.7.2-2</version>
+    <version>1.7.3-1</version>
     <name>smeagol</name>
     <packaging>war</packaging>
 

From 7d656aea1631bed392ceb10f37484df0bd0fe045 Mon Sep 17 00:00:00 2001
From: Robert Auer <robert.auer@cloudogu.com>
Date: Mon, 5 Aug 2024 14:46:10 +0200
Subject: [PATCH 10/11] Add release notes

---
 docs/gui/release_notes_de.md | 8 +++++++-
 docs/gui/release_notes_en.md | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
index e537dc37..67bbe80b 100644
--- a/docs/gui/release_notes_de.md
+++ b/docs/gui/release_notes_de.md
@@ -4,6 +4,12 @@ Im Folgenden finden Sie die Release Notes für Smeagol.
 
 Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https://docs.cloudogu.com/de/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-1
+
+**Das Release behebt einen ([DoS-Angriffsvektor](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). Ein Update ist daher empfohlen.**
+
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+
 ## Release 1.7.2-2
 
 Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
@@ -12,4 +18,4 @@ Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Cha
 
 **Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.**
 
-Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
\ No newline at end of file
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
index c9d3a610..408bb1db 100644
--- a/docs/gui/release_notes_en.md
+++ b/docs/gui/release_notes_en.md
@@ -4,6 +4,12 @@ Below you will find the release notes for Smeagol.
 
 Technical details on a release can be found in the corresponding [Changelog](https://docs.cloudogu.com/en/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-1
+
+** The release fixes a ([DoS attack vector](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). An update is therefore recommended.**
+
+We have only made technical changes. You can find more details in the changelogs.
+
 ## Release 1.7.2-2
 
 We have only made technical changes. You can find more details in the changelogs.
@@ -12,4 +18,4 @@ We have only made technical changes. You can find more details in the changelogs
 
 **The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.**
 
-We have only made technical changes. You can find more details in the changelogs.
\ No newline at end of file
+We have only made technical changes. You can find more details in the changelogs.

From 651c2e483230d02f837544121d56f23689f09824 Mon Sep 17 00:00:00 2001
From: Robert Auer <robert.auer@cloudogu.com>
Date: Mon, 5 Aug 2024 14:46:22 +0200
Subject: [PATCH 11/11] Update changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4177d23..7177b02b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.7.3-1] - 2024-08-05
+
 ### Changed
 - [#220] Update base image to java:21.0.3-4
 - [#220] Update Sprint Boot Starter to 3.3.2