Updated dependencies (#589)
* Updated dependencies
* Used javax.inject.Inject
See https://maven.apache.org/maven-jsr330.html#how-to-use-jsr-330-in-plugins


Co-authored-by: Christoph Pirkl <[email protected]>
ckunki and kaklakariada authored Oct 16, 2024
1 parent fb7cbf1 commit ebcddf7
Showing 10 changed files with 447 additions and 255 deletions.
475 changes: 238 additions & 237 deletions dependencies.md


1 change: 1 addition & 0 deletions doc/changes/changelog.md


113 changes: 113 additions & 0 deletions doc/changes/changes_4.3.4.md
@@ -0,0 +1,113 @@
# Project Keeper 4.3.4, released 2024-??-??

Code name: Fix vulnerabilities

## Summary

This release fixes vulnerability CVE-2024-47554 in transitive test dependency `commons-io:commons-io` via `com.exasol:maven-plugin-integration-testing:1.1.2` and `com.jcabi:jcabi-github:1.8.0`

The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency `org.glassfish:javax.json:1.1.4` via `com.jcabi:jcabi-github:jar:1.9.1` as this is accepted for accessing exasol json documents on GitHub.

### Security

* #586: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.11.0`
* #587: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.13.0`
* #588: Ignore vulnerability CVE-2023-7272 in runtime dependency `org.glassfish:javax.json:1.1.4`

## Dependency Updates

### Project Keeper Root Project

#### Plugin Dependency Updates

* Added `org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0`

### Project Keeper Shared Model Classes

#### Compile Dependency Updates

* Updated `org.eclipse:yasson:3.0.3` to `3.0.4`

#### Test Dependency Updates

* Updated `nl.jqno.equalsverifier:equalsverifier:3.16.1` to `3.17.1`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.itsallcode:junit5-system-extensions:1.2.0` to `1.2.2`
* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`

### Project Keeper Core

#### Compile Dependency Updates

* Updated `com.exasol:project-keeper-shared-model-classes:4.3.3` to `4.3.4`
* Updated `com.jcabi:jcabi-github:1.8.0` to `1.9.1`
* Updated `org.snakeyaml:snakeyaml-engine:2.7` to `2.8`
* Updated `org.yaml:snakeyaml:2.2` to `2.3`

#### Runtime Dependency Updates

* Updated `com.exasol:project-keeper-java-project-crawler:4.3.3` to `4.3.4`

#### Test Dependency Updates

* Updated `com.exasol:maven-plugin-integration-testing:1.1.2` to `1.1.3`
* Updated `com.exasol:project-keeper-shared-test-setup:4.3.3` to `4.3.4`
* Updated `nl.jqno.equalsverifier:equalsverifier:3.16.1` to `3.17.1`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.junit-pioneer:junit-pioneer:2.2.0` to `2.3.0`
* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.1`

### Project Keeper Command Line Interface

#### Compile Dependency Updates

* Updated `com.exasol:project-keeper-core:4.3.3` to `4.3.4`
* Updated `org.apache.maven:maven-model:3.9.7` to `3.9.9`

#### Test Dependency Updates

* Updated `com.exasol:project-keeper-shared-test-setup:4.3.3` to `4.3.4`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`

### Project Keeper Maven Plugin

#### Compile Dependency Updates

* Updated `com.exasol:project-keeper-core:4.3.3` to `4.3.4`

#### Test Dependency Updates

* Updated `com.exasol:maven-plugin-integration-testing:1.1.2` to `1.1.3`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`

### Project Keeper Java Project Crawler

#### Compile Dependency Updates

* Updated `com.exasol:project-keeper-shared-model-classes:4.3.3` to `4.3.4`

#### Test Dependency Updates

* Updated `com.exasol:maven-plugin-integration-testing:1.1.2` to `1.1.3`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.2` to `5.11.2`
* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.2`
* Updated `org.mockito:mockito-core:5.12.0` to `5.14.1`
* Updated `org.mockito:mockito-junit-jupiter:5.12.0` to `5.14.1`

### Project Keeper Shared Test Setup

#### Compile Dependency Updates

* Updated `com.exasol:project-keeper-shared-model-classes:4.3.3` to `4.3.4`
* Updated `org.hamcrest:hamcrest:2.2` to `3.0`
* Updated `org.yaml:snakeyaml:2.2` to `2.3`
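Review bot: the release date in the heading is still the placeholder `2024-??-??`; fill it in before tagging. The summary's rationale for ignoring CVE-2023-7272 ("accepted for accessing exasol json documents on GitHub") records the decision but not the risk assessment; one sentence on why the affected code path is not reachable with attacker-controlled input in this usage, plus a date for re-review, would make the accepted risk auditable later. Minor: the first summary sentence has no terminating period.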
12 changes: 12 additions & 0 deletions maven-project-crawler/pom.xml
@@ -113,6 +113,18 @@
<ignoredResourcePatterns>
<ignoredResourcePattern>about.html</ignoredResourcePattern>
</ignoredResourcePatterns>
<ignoredDependencies>
<dependency>
<!-- provided -->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</dependency>
<dependency>
<!-- provided -->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-xml</artifactId>
</dependency>
</ignoredDependencies>
</configuration>
</plugin>
<plugin>
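Review bot: the `<!-- provided -->` comment on the two `ignoredDependencies` entries is too terse to explain the exemption. Spell out that `plexus-utils` and `plexus-xml` are supplied by the Maven runtime in `provided` scope and therefore must not be reported by the dependency analysis; otherwise the next reader cannot tell whether the exemption is still needed after a Maven upgrade. The identical block is also added to `project-keeper-maven-plugin/pom.xml` in this commit; configuring it once in the parent POM's `pluginManagement` avoids the two copies drifting apart.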
@@ -1,5 +1,6 @@
package com.exasol.projectkeeper;

import javax.inject.Inject;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
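Review bot: `import javax.inject.Inject;` is inserted ahead of the `java.*` imports, which breaks the file's existing ordering (JDK packages first); move it below `import java.util.Map;` or next to the other annotation imports. Per the linked Maven JSR-330 guide, using `javax.inject` inside a plugin also requires the `javax.inject:javax.inject` artifact in `provided` scope; no such dependency is visible in this commit's POM hunks, so confirm it is already declared (for example via the parent POM) rather than resolved by accident through a transitive path.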
@@ -25,18 +26,25 @@
*/
@Mojo(name = "crawl", requiresProject = false)
public class MavenProjectCrawlerMojo extends AbstractMojo {

private static final String PROPERTY_PROJECTS_TO_CRAWL = "projectsToCrawl";
@Component

RepositorySystem repositorySystem;

@Parameter(property = PROPERTY_PROJECTS_TO_CRAWL, required = true)
private String projectsToCrawl;

@Component
private ProjectBuilder mavenProjectBuilder;

@Parameter(defaultValue = "${session}", readonly = true)
private MavenSession session;

@Inject
MavenProjectCrawlerMojo(RepositorySystem repositorySystem, ProjectBuilder mavenProjectBuilder) {
this.repositorySystem = repositorySystem;
this.mavenProjectBuilder = mavenProjectBuilder;
}

// [impl -> dsn~eclipse-prefs-java-version~1]
@Override
public void execute() {
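Review bot: `repositorySystem` and `mavenProjectBuilder` keep their `@Component` annotations while the new `@Inject` constructor assigns the same fields, so both collaborators are wired twice (field injection on top of constructor injection). Drop `@Component` from both fields and make them `private final`, which is the actual benefit of moving to constructor injection; the stray blank line between `@Component` and `RepositorySystem repositorySystem;` at the top of the hunk disappears with it. `session` stays a `@Parameter` field, which is fine, but parameters are populated after construction, so the constructor must not read it.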
32 changes: 16 additions & 16 deletions parent-pom/pom.xml
@@ -28,14 +28,14 @@
</repository>
</distributionManagement>
<properties>
<revision>4.3.3</revision>
<revision>4.3.4</revision>
<!-- Integration test ProjectKeeperMojoIT starts a Maven build which requires Java 17. -->
<java.version>17</java.version>
<maven.version>3.9.7</maven.version>
<maven.version>3.9.9</maven.version>
<minimum.maven.version>3.6.3</minimum.maven.version>
<junit.version>5.10.2</junit.version>
<junit.version>5.11.2</junit.version>
<xmlunit.version>2.10.0</xmlunit.version>
<mockito.version>5.12.0</mockito.version>
<mockito.version>5.14.1</mockito.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<gpg.skip>true</gpg.skip>
@@ -78,18 +78,18 @@
<dependency>
<groupId>org.eclipse</groupId>
<artifactId>yasson</artifactId>
<version>3.0.3</version>
<version>3.0.4</version>
</dependency>
<dependency>
<!-- Upgrade transitive dependency of org.eclipse:yasson to fix CVE-2023-4043 -->
<groupId>org.eclipse.parsson</groupId>
<artifactId>parsson</artifactId>
<version>1.1.6</version>
<version>1.1.7</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
<version>3.13.1</version>
<version>3.15.0</version>
<scope>provided</scope>
</dependency>
<dependency>
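Review bot: the `parsson` override is justified by the comment "Upgrade transitive dependency of org.eclipse:yasson to fix CVE-2023-4043"; with yasson now at 3.0.4, re-check whether its own declared parsson version is already at or above 1.1.7. If it is, the pinned override is dead weight that will silently mask future yasson-driven upgrades and should be removed; if not, record in the comment which yasson version still needs it so the next bump knows when to retire it.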
@@ -128,17 +128,17 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.2</version>
<version>2.3</version>
</dependency>
<dependency>
<groupId>org.snakeyaml</groupId>
<artifactId>snakeyaml-engine</artifactId>
<version>2.7</version>
<version>2.8</version>
</dependency>
<dependency>
<groupId>com.jcabi</groupId>
<artifactId>jcabi-github</artifactId>
<version>1.8.0</version>
<version>1.9.1</version>
</dependency>
<dependency>
<!-- Fix CVE-2014-3643 in transitive dependency of com.jcabi:jcabi-github -->
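Review bot: the `jcabi-github` bump to 1.9.1 is what pulls in `org.glassfish:javax.json:1.1.4` (the artifact behind the CVE-2023-7272 exclusions added to the module POMs and noted in the changelog); a short comment beside this version recording that link tells whoever next upgrades jcabi-github when the exclusion can be retired. The `Fix CVE-2014-3643` override just below deserves the same re-check as the yasson/parsson one now that jcabi-github has moved.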
@@ -175,7 +175,7 @@
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<version>2.2</version>
<version>3.0</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -205,7 +205,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>maven-plugin-integration-testing</artifactId>
<version>1.1.2</version>
<version>1.1.3</version>
<scope>test</scope>
<exclusions>
<exclusion>
@@ -224,19 +224,19 @@
<dependency>
<groupId>org.itsallcode</groupId>
<artifactId>junit5-system-extensions</artifactId>
<version>1.2.0</version>
<version>1.2.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit-pioneer</groupId>
<artifactId>junit-pioneer</artifactId>
<version>2.2.0</version>
<version>2.3.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>nl.jqno.equalsverifier</groupId>
<artifactId>equalsverifier</artifactId>
<version>3.16.1</version>
<version>3.17.1</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -248,7 +248,7 @@
<dependency>
<groupId>org.itsallcode</groupId>
<artifactId>hamcrest-auto-matcher</artifactId>
<version>0.7.0</version>
<version>0.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
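Review bot: `hamcrest-auto-matcher` moves from 0.7.0 to 0.8.1 here, and `maven-plugin-annotations` from 3.13.1 to 3.15.0 in an earlier hunk of this file, yet neither bump appears in `doc/changes/changes_4.3.4.md`. If those artifacts are consumed by any module, regenerate the changelog so its dependency update lists match the POM; if they are only managed versions, a one-line note in the commit message would explain the omission.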
12 changes: 12 additions & 0 deletions pom.xml
@@ -88,6 +88,18 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<version>3.2.0</version>
<configuration>
<excludeVulnerabilityIds>
<!-- Ignore vulnerability in org.glassfish:javax.json:jar:1.1.4:runtime
as this is accepted for accessing exasol json documents on GitHub -->
<exclude>CVE-2023-7272</exclude>
</excludeVulnerabilityIds>
</configuration>
</plugin>
</plugins>
</build>
</project>
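Review bot: `excludeVulnerabilityIds` suppresses CVE-2023-7272 by id alone, so this exception would also hide a report of the same CVE against any other artifact, not only `org.glassfish:javax.json:1.1.4`. If the plugin's coordinate-based exclusion (`excludeCoordinates`) covers the case, scope the exception to that artifact; either way, add the issue number (#588) and a re-review date to the comment so the accepted risk is revisited rather than permanent. This is also the only place where the plugin version 3.2.0 is pinned; the three module POMs changed below omit it.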
11 changes: 11 additions & 0 deletions project-keeper-cli/pom.xml
@@ -104,6 +104,17 @@
<legacyMode>true</legacyMode>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<configuration>
<excludeVulnerabilityIds>
<!-- Ignore vulnerability in org.glassfish:javax.json:jar:1.1.4:runtime
as this is accepted for accessing exasol json documents on GitHub -->
<exclude>CVE-2023-7272</exclude>
</excludeVulnerabilityIds>
</configuration>
</plugin>
</plugins>
</build>
<url>https://github.com/exasol/project-keeper/</url>
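Review bot: this `ossindex-maven-plugin` declaration carries no `<version>`, and the 3.2.0 pin lives only in the root `pom.xml`; assuming the modules inherit from `parent-pom/pom.xml` rather than the root aggregator, none of the parent-pom hunks in this commit add a `pluginManagement` entry for it, so Maven will resolve a floating plugin version and warn about the missing version. Add the entry to the parent's `pluginManagement` and move the shared `excludeVulnerabilityIds` block there too, instead of copying it into each module.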
23 changes: 23 additions & 0 deletions project-keeper-maven-plugin/pom.xml
@@ -125,6 +125,29 @@
<ignoredResourcePatterns>
<ignoredResourcePattern>about.html</ignoredResourcePattern>
</ignoredResourcePatterns>
<ignoredDependencies>
<dependency>
<!-- provided -->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</dependency>
<dependency>
<!-- provided -->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-xml</artifactId>
</dependency>
</ignoredDependencies>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<configuration>
<excludeVulnerabilityIds>
<!-- Ignore vulnerability in org.glassfish:javax.json:jar:1.1.4:runtime
as this is accepted for accessing exasol json documents on GitHub -->
<exclude>CVE-2023-7272</exclude>
</excludeVulnerabilityIds>
</configuration>
</plugin>
</plugins>
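Review bot: the `ignoredDependencies` block is a verbatim copy of the one added to `maven-project-crawler/pom.xml`, and the `ossindex-maven-plugin` block a copy of the one in `project-keeper-cli/pom.xml` and `project-keeper/pom.xml`; four copies of the same CVE exception are four places to forget when it is retired. Hoist both into the parent POM's `pluginManagement` and leave only the plugin reference here.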
11 changes: 11 additions & 0 deletions project-keeper/pom.xml
@@ -148,6 +148,17 @@
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
<configuration>
<excludeVulnerabilityIds>
<!-- Ignore vulnerability in org.glassfish:javax.json:jar:1.1.4:runtime
as this is accepted for accessing exasol json documents on GitHub -->
<exclude>CVE-2023-7272</exclude>
</excludeVulnerabilityIds>
</configuration>
</plugin>
</plugins>
</build>
</project>
