Merge pull request #361 from diffplug/feature/fixHttp

nedtwigg · web-flow · commit 1a3e260ada93 · 2019-02-25T16:44:54.000-08:00
Feature/fix http
diff --git a/CHANGES.md b/CHANGES.md
@@ -9,6 +9,8 @@ You might be looking for:
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
 
+* Security fix: Updated groovy, c/c++, and eclipse WTP formatters so that they download their source jars securely using `https` rather than `http` ([#360](https://github.com/diffplug/spotless/issues/360)).
+
 ### Version 1.18.0 - February 11th 2018 (javadoc [lib](https://diffplug.github.io/spotless/javadoc/spotless-lib/1.18.0/) [lib-extra](https://diffplug.github.io/spotless/javadoc/spotless-lib-extra/1.18.0/), artifact [lib]([jcenter](https://bintray.com/diffplug/opensource/spotless-lib), [lib-extra]([jcenter](https://bintray.com/diffplug/opensource/spotless-lib-extra)))
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -40,7 +40,7 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version]
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/
diff --git a/README.md b/README.md
@@ -108,6 +108,6 @@ extra('wtp.EclipseWtpFormatterStep')             +'{{yes}}       | {{yes}}
 - Thanks to Gábor Bernát for improvements to logging and multi-project support.
 - Thanks to Andrew Oberstar for improvements to formatting java source in non-java source sets. [PR #60](https://github.com/diffplug/spotless/pull/60).
 - Import ordering from [EclipseCodeFormatter](https://github.com/krasa/EclipseCodeFormatter).
-- Built by [gradle](http://gradle.org/).
-- Tested by [junit](http://junit.org/).
-- Maintained by [DiffPlug](http://www.diffplug.com/).
+- Built by [gradle](https://gradle.org/).
+- Tested by [junit](https://junit.org/).
+- Maintained by [DiffPlug](https://www.diffplug.com/).
diff --git a/_ext/eclipse-cdt/build.gradle b/_ext/eclipse-cdt/build.gradle
@@ -3,7 +3,7 @@ ext {
 		fvgh: [ name: 'Frank Vennemeyer', email: 'frankgh@zoho.com' ],
 	]
 
-	p2Repository = "http://download.eclipse.org/tools/cdt/releases/${VER_ECLIPSE_CDT}"
+	p2Repository = "https://download.eclipse.org/tools/cdt/releases/${VER_ECLIPSE_CDT}"
 	
 	p2Dependencies = [
 		'org.eclipse.cdt.core':'+', // CodeFormatter and related
diff --git a/_ext/eclipse-cdt/gradle.properties b/_ext/eclipse-cdt/gradle.properties
@@ -1,7 +1,7 @@
 # Versions correspond to the Eclipse-CDT version used for the fat-JAR.
 # See https://www.eclipse.org/cdt/ for further information about Eclipse-CDT versions.
 # Patch version can be incremented independently for backward compatible patches of this library. 
-ext_version=9.4.4
+ext_version=9.4.5
 ext_artifactId=spotless-eclipse-cdt
 ext_description=Eclipse's CDT C/C++ formatter bundled for Spotless
 ext_org=diffplug
diff --git a/_ext/eclipse-groovy/build.gradle b/_ext/eclipse-groovy/build.gradle
@@ -3,7 +3,7 @@ ext {
 		fvgh: [ name: 'Frank Vennemeyer', email: 'frankgh@zoho.com' ],
 	]
 
-	p2Repository = "http://dist.springsource.org/release/GRECLIPSE/e${VER_ECLIPSE}"
+	p2Repository = "https://dist.springsource.org/release/GRECLIPSE/e${VER_ECLIPSE}"
 	
     p2Dependencies = [
 		'org.codehaus.groovy.eclipse.refactoring':'+', // GroovyFormatter and related
diff --git a/_ext/eclipse-groovy/gradle.properties b/_ext/eclipse-groovy/gradle.properties
@@ -1,7 +1,7 @@
 # Versions correspond to the Groovy-Eclipse version used for the fat-JAR.
 # See https://github.com/groovy/groovy-eclipse/releases for further information about Groovy-Eclipse versions.
 # Patch version can be incremented independently for backward compatible patches of this library. 
-ext_version=3.0.0
+ext_version=3.0.1
 ext_artifactId=spotless-eclipse-groovy
 ext_description=Groovy Eclipse's formatter bundled for Spotless
 
diff --git a/_ext/eclipse-wtp/CHANGES.md b/_ext/eclipse-wtp/CHANGES.md
@@ -2,6 +2,10 @@
 
 ### Versioni 3.10.0 - TBD
 
+### Version 3.9.7 - February 25th 2018 ([artifact]([jcenter](https://bintray.com/diffplug/opensource/spotless-eclipse-wtp)))
+
+* Replaced `http` update-site with `https` ([#360](https://github.com/diffplug/spotless/issues/360)).
+
 ### Version 3.9.6 - February 10th 2018 ([artifact]([jcenter](https://bintray.com/diffplug/opensource/spotless-eclipse-wtp)))
 
 * Fixed formatting of JSON arrays ([#344](https://github.com/diffplug/spotless/issues/344)).
diff --git a/_ext/eclipse-wtp/build.gradle b/_ext/eclipse-wtp/build.gradle
@@ -3,7 +3,7 @@ ext {
 		fvgh: [ name: 'Frank Vennemeyer', email: 'frankgh@zoho.com' ],
 	]
 	
-	p2Repository = "http://download.eclipse.org/webtools/repository/${VER_ECLIPSE_WTP}"
+	p2Repository = "https://download.eclipse.org/webtools/repository/${VER_ECLIPSE_WTP}"
 	
 	p2Dependencies = [
 		// XML/HTML Formatter  - Dependencies
diff --git a/_ext/eclipse-wtp/gradle.properties b/_ext/eclipse-wtp/gradle.properties
@@ -1,7 +1,7 @@
 # Versions correspond to the Eclipse-WTP version used for the fat-JAR.
 # See https://www.eclipse.org/webtools/ for further information about Eclipse-WTP versions.
 # Patch version can be incremented independently for backward compatible patches of this library. 
-ext_version=3.10.0
+ext_version=3.9.7
 ext_artifactId=spotless-eclipse-wtp
 ext_description=Eclipse's WTP formatters bundled for Spotless
 
diff --git a/_ext/gradle/p2-fat-jar-setup.gradle b/_ext/gradle/p2-fat-jar-setup.gradle
@@ -7,7 +7,7 @@ buildscript {
         }
     }
     dependencies {
-        classpath "com.diffplug.gradle:goomph:3.15.0"
+        classpath "com.diffplug.gradle:goomph:3.17.4"
     }
 }
 apply plugin: com.diffplug.gradle.p2.AsMavenPlugin
@@ -73,7 +73,7 @@ p2AsMaven {
 		p2ant {
 			/*
 			Define p2ant proxy settings as a closure. Refer to the API documents for instructions:
-			https://diffplug.github.io/goomph/javadoc/3.3.0/com/diffplug/gradle/p2/AsMavenPlugin.html
+			https://diffplug.github.io/goomph/javadoc/3.17.4/com/diffplug/gradle/p2/AsMavenPlugin.html
 			*/
 			if (project.hasProperty('setP2AntProxy')) {
 				setP2AntProxy(it)
diff --git a/gradle.properties b/gradle.properties
@@ -25,7 +25,7 @@ VER_SPOTBUGS=3.1.6
 VER_SPOTBUGS_PLUGIN=1.6.2
 VER_BINTRAY=1.7.3
 VER_PLUGIN_PUBLISH=0.9.7
-VER_GOOMPH=3.8.1
+VER_GOOMPH=3.17.4
 VER_GRADLE_GIT=1.6.0
 VER_PEGDOWN_DOCLET=1.3
 
diff --git a/gradle/java-publish.gradle b/gradle/java-publish.gradle
@@ -20,7 +20,7 @@ javadoc {
 // use markdown in javadoc
 def makeLink = { url, text -> "<a href=\"${url}\" style=\"text-transform: none;\">${text}</a>" }
 def javadocInfo = '<h2>' + makeLink("https://github.com/${org}/${name}", "${group}:${project.ext.artifactId}:${ext.version}") +
-		' by ' + makeLink('http://www.diffplug.com', 'DiffPlug') + '</h2>'
+		' by ' + makeLink('https://www.diffplug.com', 'DiffPlug') + '</h2>'
 
 String version_str = ext.version.endsWith('-SNAPSHOT') ? 'snapshot' : ext.version
 apply plugin: 'ch.raffael.pegdown-doclet'
@@ -95,7 +95,7 @@ model {
 						licenses {
 							license {
 								name 'The Apache Software License, Version 2.0'
-								url 'http://www.apache.org/license/LICENSE-2.0.txt'
+								url 'https://www.apache.org/licenses/LICENSE-2.0.txt'
 								distribution 'repo'
 							}
 						}
diff --git a/lib-extra/src/main/resources/com/diffplug/spotless/extra/eclipse_cdt_formatter/v4.7.3a.lockfile b/lib-extra/src/main/resources/com/diffplug/spotless/extra/eclipse_cdt_formatter/v4.7.3a.lockfile
@@ -1,5 +1,5 @@
 # Spotless formatter based on CDT version 9.4.3 (see https://www.eclipse.org/cdt/)
-com.diffplug.spotless:spotless-eclipse-cdt:9.4.4
+com.diffplug.spotless:spotless-eclipse-cdt:9.4.5
 com.diffplug.spotless:spotless-eclipse-base:3.0.0
 com.google.code.findbugs:annotations:3.0.0
 com.google.code.findbugs:jsr305:3.0.0
diff --git a/lib-extra/src/main/resources/com/diffplug/spotless/extra/eclipse_wtp_formatters/v4.7.3a.lockfile b/lib-extra/src/main/resources/com/diffplug/spotless/extra/eclipse_wtp_formatters/v4.7.3a.lockfile
@@ -1,5 +1,5 @@
 # Spotless formatter based on Eclipse-WTP version 3.9.5 (see https://www.eclipse.org/webtools/)
-com.diffplug.spotless:spotless-eclipse-wtp:3.9.6
+com.diffplug.spotless:spotless-eclipse-wtp:3.9.7
 com.diffplug.spotless:spotless-eclipse-base:3.0.0
 com.google.code.findbugs:annotations:3.0.0
 com.google.code.findbugs:jsr305:3.0.0
diff --git a/lib-extra/src/main/resources/com/diffplug/spotless/extra/groovy_eclipse_formatter/v4.8.1.lockfile b/lib-extra/src/main/resources/com/diffplug/spotless/extra/groovy_eclipse_formatter/v4.8.1.lockfile
@@ -1,5 +1,5 @@
 # Spotless formatter based on Groovy-Eclipse version 3.0.0 (see https://github.com/groovy/groovy-eclipse/releases)
-com.diffplug.spotless:spotless-eclipse-groovy:3.0.0
+com.diffplug.spotless:spotless-eclipse-groovy:3.0.1
 com.diffplug.spotless:spotless-eclipse-base:3.0.0
 com.google.code.findbugs:annotations:3.0.0
 com.google.code.findbugs:jsr305:3.0.0
diff --git a/plugin-gradle/CHANGES.md b/plugin-gradle/CHANGES.md
@@ -4,6 +4,8 @@
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
 
+* Security fix: Updated groovy, c/c++, and eclipse WTP formatters so that they download their source jars securely using `https` rather than `http` ([#360](https://github.com/diffplug/spotless/issues/360)).
+
 ### Version 3.18.0 - February 11th 2018 ([javadoc](https://diffplug.github.io/spotless/javadoc/spotless-plugin-gradle/3.18.0/), [jcenter](https://bintray.com/diffplug/opensource/spotless-plugin-gradle/3.18.0))
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
diff --git a/plugin-gradle/README.md b/plugin-gradle/README.md
@@ -3,7 +3,7 @@
 <!---freshmark shields
 output = [
   link(shield('Gradle plugin', 'plugins.gradle.org', 'com.diffplug.gradle.spotless', 'blue'), 'https://plugins.gradle.org/plugin/com.diffplug.gradle.spotless'),
-  link(shield('Maven central', 'mavencentral', 'com.diffplug.gradle.spotless:spotless', 'blue'), 'http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-plugin-gradle%22'),
+  link(shield('Maven central', 'mavencentral', 'com.diffplug.gradle.spotless:spotless', 'blue'), 'https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-plugin-gradle%22'),
   link(shield('Javadoc', 'javadoc', '{{stableGradle}}', 'blue'), 'https://{{org}}.github.io/{{name}}/javadoc/spotless-plugin-gradle/{{stableGradle}}/'),
   '',
   link(shield('Changelog', 'changelog', '{{versionGradle}}', 'brightgreen'), 'CHANGES.md'),
@@ -13,7 +13,7 @@ output = [
   ].join('\n');
 -->
 [![Gradle plugin](https://img.shields.io/badge/plugins.gradle.org-com.diffplug.gradle.spotless-blue.svg)](https://plugins.gradle.org/plugin/com.diffplug.gradle.spotless)
-[![Maven central](https://img.shields.io/badge/mavencentral-com.diffplug.gradle.spotless%3Aspotless-blue.svg)](http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-plugin-gradle%22)
+[![Maven central](https://img.shields.io/badge/mavencentral-com.diffplug.gradle.spotless%3Aspotless-blue.svg)](https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-plugin-gradle%22)
 [![Javadoc](https://img.shields.io/badge/javadoc-3.18.0-blue.svg)](https://diffplug.github.io/spotless/javadoc/spotless-plugin-gradle/3.18.0/)
 
 [![Changelog](https://img.shields.io/badge/changelog-3.19.0--SNAPSHOT-brightgreen.svg)](CHANGES.md)
diff --git a/plugin-maven/CHANGES.md b/plugin-maven/CHANGES.md
@@ -4,6 +4,8 @@
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
 
+* Security fix: Updated groovy, c/c++, and eclipse WTP formatters so that they download their source jars securely using `https` rather than `http` ([#360](https://github.com/diffplug/spotless/issues/360)).
+
 ### Version 1.18.0 - February 11th 2018 ([javadoc](https://diffplug.github.io/spotless/javadoc/spotless-maven-plugin/1.18.0/), [jcenter](https://bintray.com/diffplug/opensource/spotless-maven-plugin/1.18.0))
 
 **WARNING: xml formatter in this version may be vulnerable to XXE attacks (see [#358](https://github.com/diffplug/spotless/issues/358)).**
diff --git a/plugin-maven/README.md b/plugin-maven/README.md
@@ -2,7 +2,7 @@
 
 <!---freshmark shields
 output = [
-  link(shield('Maven central', 'mavencentral', '{{group}}:{{artifactIdMaven}}', 'blue'), 'http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22{{group}}%22%20AND%20a%3A%22{{artifactIdMaven}}%22'),
+  link(shield('Maven central', 'mavencentral', '{{group}}:{{artifactIdMaven}}', 'blue'), 'https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22{{group}}%22%20AND%20a%3A%22{{artifactIdMaven}}%22'),
   link(shield('Javadoc', 'javadoc', '{{stableMaven}}', 'blue'), 'https://{{org}}.github.io/{{name}}/javadoc/{{artifactIdMaven}}/{{stableMaven}}/'),
   '',
   link(shield('Changelog', 'changelog', '{{stableMaven}}', 'brightgreen'), 'CHANGES.md'),
@@ -11,7 +11,7 @@ output = [
   link(shield('License Apache', 'license', 'apache', 'brightgreen'), 'https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)')
   ].join('\n');
 -->
-[![Maven central](https://img.shields.io/badge/mavencentral-com.diffplug.spotless%3Aspotless--maven--plugin-blue.svg)](http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-maven-plugin%22)
+[![Maven central](https://img.shields.io/badge/mavencentral-com.diffplug.spotless%3Aspotless--maven--plugin-blue.svg)](https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-maven-plugin%22)
 [![Javadoc](https://img.shields.io/badge/javadoc-1.18.0-blue.svg)](https://diffplug.github.io/spotless/javadoc/spotless-maven-plugin/1.18.0/)
 
 [![Changelog](https://img.shields.io/badge/changelog-1.18.0-brightgreen.svg)](CHANGES.md)
@@ -52,7 +52,7 @@ cmd> mvn spotless:check
 ...
 ```
 
-To use it in your pom, just [add the Spotless dependency](http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-maven-plugin%22), and configure it like so:
+To use it in your pom, just [add the Spotless dependency](https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.diffplug.spotless%22%20AND%20a%3A%22spotless-maven-plugin%22), and configure it like so:
 
 ```xml
 <plugin>
diff --git a/plugin-maven/build.gradle b/plugin-maven/build.gradle
@@ -15,7 +15,7 @@ visteg {
 	nodeShape = 'box'
 	startNodeShape = 'box'
 	endNodeShape = 'box'
-	colorscheme = 'pastel24' // http://www.graphviz.org/doc/info/colors.html
+	colorscheme = 'pastel24' // https://www.graphviz.org/doc/info/colors.html
 }
 
 import com.github.mustachejava.DefaultMustacheFactory

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ ext {`
`3`	`3`	`fvgh: [ name: 'Frank Vennemeyer', email: '[email protected]' ],`
`4`	`4`	`]`
`5`	`5`
`6`		`- p2Repository = "http://download.eclipse.org/tools/cdt/releases/${VER_ECLIPSE_CDT}"`
	`6`	`+ p2Repository = "https://download.eclipse.org/tools/cdt/releases/${VER_ECLIPSE_CDT}"`
`7`	`7`
`8`	`8`	`p2Dependencies = [`
`9`	`9`	`'org.eclipse.cdt.core':'+', // CodeFormatter and related`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ ext {`
`3`	`3`	`fvgh: [ name: 'Frank Vennemeyer', email: '[email protected]' ],`
`4`	`4`	`]`
`5`	`5`
`6`		`- p2Repository = "http://dist.springsource.org/release/GRECLIPSE/e${VER_ECLIPSE}"`
	`6`	`+ p2Repository = "https://dist.springsource.org/release/GRECLIPSE/e${VER_ECLIPSE}"`
`7`	`7`
`8`	`8`	`p2Dependencies = [`
`9`	`9`	`'org.codehaus.groovy.eclipse.refactoring':'+', // GroovyFormatter and related`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ buildscript {`
`7`	`7`	`}`
`8`	`8`	`}`
`9`	`9`	`dependencies {`
`10`		`- classpath "com.diffplug.gradle:goomph:3.15.0"`
	`10`	`+ classpath "com.diffplug.gradle:goomph:3.17.4"`
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`	`apply plugin: com.diffplug.gradle.p2.AsMavenPlugin`
`@@ -73,7 +73,7 @@ p2AsMaven {`
`73`	`73`	`p2ant {`
`74`	`74`	`/*`
`75`	`75`	`Define p2ant proxy settings as a closure. Refer to the API documents for instructions:`
`76`		`- https://diffplug.github.io/goomph/javadoc/3.3.0/com/diffplug/gradle/p2/AsMavenPlugin.html`
	`76`	`+ https://diffplug.github.io/goomph/javadoc/3.17.4/com/diffplug/gradle/p2/AsMavenPlugin.html`
`77`	`77`	`*/`
`78`	`78`	`if (project.hasProperty('setP2AntProxy')) {`
`79`	`79`	`setP2AntProxy(it)`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ visteg {`
`15`	`15`	`nodeShape = 'box'`
`16`	`16`	`startNodeShape = 'box'`
`17`	`17`	`endNodeShape = 'box'`
`18`		`- colorscheme = 'pastel24' // http://www.graphviz.org/doc/info/colors.html`
	`18`	`+ colorscheme = 'pastel24' // https://www.graphviz.org/doc/info/colors.html`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`import com.github.mustachejava.DefaultMustacheFactory`