Merge pull request #531 from the-qa-company/master

Sync master into dev

.github/workflows/security.yml

@@ -0,0 +1,52 @@
+name: Scan
+
+on: 
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.ref }}-scan
+  cancel-in-progress: true
+
+jobs:
+  publish:
+    name: Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'microsoft'
+          java-version: 17
+      - name: Use Node.js 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache-dependency-path: qendpoint-frontend/package-lock.json
+      - name: Install frontend dependencies
+        run: npm ci --legacy-peer-deps
+        working-directory: qendpoint-frontend
+      - name: Compiling frontend
+        run: npm run build --if-present
+        working-directory: qendpoint-frontend
+      - name: Put frontend in backend
+        run: |
+          mkdir -p qendpoint-backend/src/main/resources/static/
+          cp -r qendpoint-frontend/build/* qendpoint-backend/src/main/resources/static/
+      - name: Compile qendpoint
+        run: mvn install -DskipTests
+      - name: move endpoint
+        run: mv qendpoint-backend/target/qendpoint-*-exec.jar qendpoint.jar
+      - name: Build an image from Dockerfile
+        run: 'docker build -t docker.io/the-qa-company/qendpoint:${{ github.sha }} -f scripts/Dockerfile .'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          image-ref: 'docker.io/the-qa-company/qendpoint:${{ github.sha }}'
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+

pom.xml

@@ -9,7 +9,7 @@
 
     <groupId>com.the-qa-company</groupId>
     <artifactId>qendpoint-parent</artifactId>
-    <version>2.2.0</version>
+    <version>2.3.0</version>
 
     <packaging>pom</packaging>
 

qendpoint-backend/pom.xml

@@ -4,7 +4,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>qendpoint-backend</artifactId>
-    <version>2.2.0</version>
+    <version>2.3.0</version>
 
     <packaging>jar</packaging>
 
@@ -15,7 +15,7 @@
     <parent>
         <groupId>com.the-qa-company</groupId>
         <artifactId>qendpoint-parent</artifactId>
-        <version>2.2.0</version>
+        <version>2.3.0</version>
     </parent>
 
     <licenses>

qendpoint-cli/pom.xml

@@ -2,7 +2,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>qendpoint-cli</artifactId>
-    <version>2.2.0</version>
+    <version>2.3.0</version>
 
     <name>qendpoint package</name>
     <description>Package of the qendpoint.</description>
@@ -11,7 +11,7 @@
     <parent>
         <groupId>com.the-qa-company</groupId>
         <artifactId>qendpoint-parent</artifactId>
-        <version>2.2.0</version>
+        <version>2.3.0</version>
     </parent>
 
     <dependencies>

qendpoint-core/pom.xml

@@ -4,7 +4,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>qendpoint-core</artifactId>
-    <version>2.2.0</version>
+    <version>2.3.0</version>
 
     <packaging>jar</packaging>
 
@@ -27,7 +27,7 @@
     <parent>
         <groupId>com.the-qa-company</groupId>
         <artifactId>qendpoint-parent</artifactId>
-        <version>2.2.0</version>
+        <version>2.3.0</version>
     </parent>
 
     <licenses>
@@ -47,6 +47,7 @@
         <spring.version>2.7.5</spring.version>
         <logback.version>1.5.6</logback.version>
         <roaringbitmap.version>0.9.44</roaringbitmap.version>
+        <commons-compress.version>1.26.0</commons-compress.version>
 
         <jena.version>4.3.2</jena.version>
         <slf4j.version>1.7.30</slf4j.version>
@@ -75,7 +76,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.21</version>
+            <version>${commons-compress.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.jena</groupId>
@@ -91,6 +92,12 @@
             <groupId>org.apache.jena</groupId>
             <artifactId>jena-arq</artifactId>
             <version>${jena.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.protobuf</groupId>
+                    <artifactId>protobuf-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>pl.pragmatists</groupId>

qendpoint-store/pom.xml

@@ -3,7 +3,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>qendpoint</artifactId>
-    <version>2.2.0</version>
+    <version>2.3.0</version>
 
     <packaging>jar</packaging>
 
@@ -13,7 +13,7 @@
     <parent>
         <groupId>com.the-qa-company</groupId>
         <artifactId>qendpoint-parent</artifactId>
-        <version>2.2.0</version>
+        <version>2.3.0</version>
     </parent>
 
     <licenses>

release/RELEASE.md

@@ -1,5 +1,3 @@
-- update rdf4j to 5.1.0
-- add lucene option to set thresholds (#485)
-- fix issue with bitmap not enabled (#506)
-- add reload dl (#499)
-- add bounds to errors (#498)
+- cache constants in query optimiser (#527)
+- update spring to 3.4.0 (#518)
+- remove rdf4j solr from the backend dependencies (#518)

release/RELEASE.md_old

@@ -1,3 +1,10 @@
+## Version 2.2.0
+
+- update rdf4j to 5.1.0
+- add lucene option to set thresholds (#485)
+- fix issue with bitmap not enabled (#506)
+- add reload dl (#499)
+- add bounds to errors (#498)
 ## Version 2.1.2
 
 - fix HDT loading issues (#494)