Update oauth2-oidc-sdk to 11.30

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java: [17, 21]
+        java: [17, 25]
     steps:
     - uses: actions/checkout@v5
     - name: Cache

CHANGELOG.md

@@ -2,7 +2,9 @@
 All changes to the project will be documented in this file.
 
 ## 4.44.0 - 23 Sep 2025
-- Enhanced branch protection which supports rejecting users fo push, etc.
+- Enhanced branch protection which supports the following settings:
+  - Prevent pushes from non-allowed users
+  - Whether to apply restrictions to administrator users as well
 - Improve logging for initialization errors
 
 ## 4.43.0 - 29 Jun 2025

README.md

@@ -62,7 +62,9 @@ Support
 What's New in 4.44.x
 -------------
 ## 4.44.0 - 23 Sep 2025
-- Enhanced branch protection which supports rejecting users fo push, etc.
+- Enhanced branch protection which supports the following settings:
+  - Prevent pushes from non-allowed users
+  - Whether to apply restrictions to administrator users as well
 - Improve logging for initialization errors
 
 Note that you have to migrate h2 database file if you will upgrade GitBucket from 4.42 or before to 4.43 or later and you are using the default h2 database because h2 1.x and h2.x don't have compatibility: https://www.h2database.com/html/migration-to-v2.html

build.sbt

@@ -14,7 +14,7 @@ sourcesInBase := false
 organization := Organization
 name := Name
 version := GitBucketVersion
-scalaVersion := "2.13.16"
+scalaVersion := "2.13.17"
 
 crossScalaVersions += "3.7.3"
 
@@ -45,18 +45,18 @@ libraryDependencies ++= Seq(
   "org.apache.tika"                 % "tika-core"                % "3.2.3",
   "com.github.takezoe"             %% "blocking-slick"           % "0.0.14",
   "com.novell.ldap"                 % "jldap"                    % "2009-10-07",
-  "com.h2database"                  % "h2"                       % "2.3.232",
+  "com.h2database"                  % "h2"                       % "2.4.240",
   "org.mariadb.jdbc"                % "mariadb-java-client"      % "2.7.12",
   "org.postgresql"                  % "postgresql"               % "42.7.8",
-  "ch.qos.logback"                  % "logback-classic"          % "1.5.18",
+  "ch.qos.logback"                  % "logback-classic"          % "1.5.19",
   "com.zaxxer"                      % "HikariCP"                 % "7.0.2" exclude ("org.slf4j", "slf4j-api"),
   "com.typesafe"                    % "config"                   % "1.4.5",
   "fr.brouillard.oss.security.xhub" % "xhub4j-core"              % "1.1.0",
   "io.github.java-diff-utils"       % "java-diff-utils"          % "4.16",
   "org.cache2k"                     % "cache2k-all"              % "1.6.0.Final",
-  "net.coobird"                     % "thumbnailator"            % "0.4.20",
+  "net.coobird"                     % "thumbnailator"            % "0.4.21",
   "com.github.zafarkhaja"           % "java-semver"              % "0.10.2",
-  "com.nimbusds"                    % "oauth2-oidc-sdk"          % "11.29.1",
+  "com.nimbusds"                    % "oauth2-oidc-sdk"          % "11.30",
   "org.eclipse.jetty"               % "jetty-webapp"             % JettyVersion    % "provided",
   "javax.servlet"                   % "javax.servlet-api"        % "3.1.0"         % "provided",
   "junit"                           % "junit"                    % "4.13.2"        % "test",

doc/release.md

@@ -38,7 +38,7 @@ Generate release files
 
 For plug-in development, we have to publish the GitBucket jar file to the Maven central repository before release GitBucket itself.
  
-First, start the sbt shell:
+First, stage artifacts on your machine:
 
 ```bash
 $ sbt publishSigned

project/build.properties

@@ -1 +1 @@
-sbt.version=1.11.6
+sbt.version=1.11.7

project/plugins.sbt

@@ -5,7 +5,7 @@ addSbtPlugin("org.playframework.twirl" % "sbt-twirl"          % "2.0.9")
 addSbtPlugin("com.eed3si9n"            % "sbt-assembly"       % "2.3.1")
 addSbtPlugin("org.scalatra.sbt"        % "sbt-scalatra"       % "1.0.4")
 addSbtPlugin("com.github.sbt"          % "sbt-pgp"            % "2.3.1")
-addSbtPlugin("com.github.sbt"          % "sbt-license-report" % "1.8.0")
+addSbtPlugin("com.github.sbt"          % "sbt-license-report" % "1.9.0")
 addSbtPlugin("org.scoverage"           % "sbt-scoverage"      % "2.3.1")
 
 addDependencyTreePlugin

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -351,7 +351,7 @@ case class Context(
   val path: String = settings.baseUrl.getOrElse(request.getContextPath)
   val currentPath: String = request.getRequestURI.substring(request.getContextPath.length)
   val baseUrl: String = settings.baseUrl(request)
-  val host: String = new java.net.URL(baseUrl).getHost
+  val host: String = new java.net.URI(baseUrl).toURL.getHost
   val platform: String = request.getHeader("User-Agent") match {
     case null                             => null
     case agent if agent.contains("Mac")   => "mac"

src/main/scala/gitbucket/core/service/WebHookService.scala

@@ -265,7 +265,7 @@ trait WebHookService {
   }
 
   private def validateTargetAddress(settings: SystemSettings, url: String): Boolean = {
-    val host = new java.net.URL(url).getHost
+    val host = new java.net.URI(url).toURL.getHost
 
     !settings.webHook.blockPrivateAddress ||
     !HttpClientUtil.isPrivateAddress(host) ||