cryptomator
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 20 additions & 17 deletions b/‎.github/workflows/build.yml‎
Lines changed: 20 additions & 17 deletions
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 8 additions & 5 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎.github/workflows/dependency-check.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/dependency-check.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 4 additions & 0 deletions b/‎.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 7 additions & 5 deletions b/‎CHANGELOG.md‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 0 additions & 1 deletion b/‎README.md‎
Lines changed: 0 additions & 1 deletion
@@ -14,39 +14,41 @@ jobs:
     permissions:
       id-token: write # Required for the attestations step
       attestations: write # Required for the attestations step
+      contents: read
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
-        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+        run: ./mvnw versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
-        run: mvn -B verify --no-transfer-progress
+        run: ./mvnw -B verify --no-transfer-progress
       - name: Attest
         if: startsWith(github.ref, 'refs/tags/')
-        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
         with:
           subject-path: |
             target/*.jar
             target/*.pom
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: artifacts
           path: target/*.jar
 
   deploy-central:
     name: Deploy to Maven Central
     runs-on: macos-latest
-    permissions: {}
+    permissions:
+      contents: read
     needs: [build]
     if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ env.JAVA_VERSION }}
@@ -56,14 +58,14 @@ jobs:
           server-password: MAVEN_CENTRAL_PASSWORD
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
-        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+        run: ./mvnw versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Verify project version is -SNAPSHOT
         if: startsWith(github.ref, 'refs/tags/') == false
         run: |
-          PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
+          PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
           test "${PROJECT_VERSION: -9}" = "-SNAPSHOT"
       - name: Deploy to Maven Central
-        run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
+        run: ./mvnw deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
         env:
           MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
           MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
@@ -76,25 +78,26 @@ jobs:
     runs-on: macos-latest
     permissions:
       packages: write # Required for the deploy to GitHub Packages step
+      contents: read
     needs: [build]
     if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: 'temurin'
           cache: 'maven'
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
-        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+        run: ./mvnw versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Verify project version is -SNAPSHOT
         if: startsWith(github.ref, 'refs/tags/') == false
         run: |
-          PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
+          PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
           test "${PROJECT_VERSION: -9}" = "-SNAPSHOT"
       - name: Deploy to GitHub Packages
-        run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
+        run: ./mvnw deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
 
@@ -15,20 +15,23 @@ jobs:
     runs-on: macos-latest
     # dependeabot has on push events only read-only access, but codeql requires write access
     if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
+    permissions:
+      contents: read
+      security-events: write
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       with:
         fetch-depth: 2
-    - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+    - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
       with:
         distribution: 'temurin'
         java-version: 25
         cache: 'maven'
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
       with:
         languages: java
     - name: Build
-      run: mvn -B compile
+      run: ./mvnw -B compile
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
@@ -11,7 +11,9 @@ on:
 
 jobs:
   check-dependencies:
-    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366 # v3.0.1
+    permissions:
+      contents: read
+    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # v3.0.3
     with:
       runner-os: 'macos-latest'
       java-distribution: 'temurin'
@@ -20,4 +22,4 @@ jobs:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
       ossindex-username: ${{ secrets.OSSINDEX_USERNAME }}
       ossindex-token: ${{ secrets.OSSINDEX_API_TOKEN }}
-      slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+      slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }}
@@ -0,0 +1,4 @@
+wrapperVersion=3.3.4
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.12/apache-maven-3.9.12-bin.zip
+distributionSha256Sum=305773a68d6ddfd413df58c82b3f8050e89778e777f3a745c8e5b8cbea4018ef
@@ -7,26 +7,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 The changelog starts with version 1.4.1.
 Changes to prior versions can be found on the [Github release page](https://github.com/cryptomator/integrations-mac/releases).
 
+
 ## [Unreleased](https://github.com/cryptomator/integrations-mac/compare/1.4.1...HEAD)
 
 ### Added
-+ DMG Update Mechanism (#92)
++ DMG Update Mechanism ([#92](https://github.com/cryptomator/integrations-mac/pull/92))
 
 ### Changed
 * Require JDK 25
-* Pin GitHub action versions used in CI (#97)
+* Pin GitHub action versions used in CI ([#97](https://github.com/cryptomator/integrations-mac/pull/97))
+
+### Fixed
+* OpenCmdRevealPathService opened two Finder windows when path parameter is a directory ([#109](https://github.com/cryptomator/integrations-mac/pull/109))
+
 
 ## [1.4.1](https://github.com/cryptomator/integrations-mac/releases/tag/1.4.1) - 2025-09-18
 ### Added
-
 * Added translation for Ukrainian (uk). (#81)
 
 ### Changed
-
 * Updated `org.cryptomator:integrations-api` from 1.6.0 to 1.7.0
 
 ### Fixed
-
 * Guard NSStrings from being nil in native code. (#80)
 
 
@@ -7,5 +7,4 @@ macOS-specific implementations of [integrations-api](https://github.com/cryptoma
 Since this project involves JNI, you need Java as well as Xcode build tools:
 
 * JDK 25
-* Maven
 * XCode Command Line Tools (run `xcode-select --install`)