ewert-technologies / notarytool-kotlin Goto Github PK
View Code? Open in Web Editor NEWA Kotlin library for working with Apple's Notarytool Web API
License: MIT License
A Kotlin library for working with Apple's Notarytool Web API
License: MIT License
Currently, when there is an authentication error, the message is: Notary API Web Service could not authenticate the request.
It would be better if there were a suggested course of action, as well, e.g.: Notary API Web Service could not authenticate the request. Please check that the issuer id, private key, and key identifier are correct.
It seems like logback 1.5.x is compiled using Java 21 (qos-ch/logback#802), and can cause some build problems when using older versions of Gradle (similar to FasterXML/jackson-core#955)
One option is to require users to use newer versions of Gradle (Gradle 8.5 and up seems to work), or downgrade to an older version of logback.
For better compatibility, for now, we should downgrade logback. Note: logback version must be 1.4.14 or higher, to make sure it has the CVE fix (See issue #4).
We can look at moving to version 1.5.x for a later release.
It would be great, if NotaryToolClient
accepted a Supplier<ECKey>
or similar in addition to the key file location. This way the sensitive key data could be kept in secure storage like a KeyStore or similar instead of in a regular file.
Security report: https://sbom.sonatype.com/report/T1-118f0f57da8c6b3097cc-2b6c6abed8132-1699912808-f201232d37f24cb38a4aa702d04b4c83
1 vulnerability found in io.netty [email protected]
netty-handler is used by awssdk
Starting with v2 the kotlin-result
library models its Result
type as an inline value class
, in order to reduce overhead,
see: https://github.com/michaelbull/kotlin-result
and: https://github.com/michaelbull/kotlin-result/wiki/Overhead
This update, however, makes some breaking changes to API.
We should update our library to be able to use this new version.
mvnrepository is reporting a security vulnerability: CVE-2023-6378
See: https://mvnrepository.com/artifact/ca.ewert-technologies.notarytoolkotlin/notarytool-kotlin/0.1.0
and: https://www.cve.org/CVERecord?id=CVE-2023-6378
This seems like it has been fixed in logback-classic 1.4.12: https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
logback-classic should be updated.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.