Upgrade libraries and plugins

3d6e79ad · Joze RIHTARSIC · c1ef3b2b · 3d6e79ad · 3d6e79ad
Commit 3d6e79ad authored 1 year ago by Joze RIHTARSIC
--- a/owasp-false-positive-warnings.xml
+++ b/owasp-false-positive-warnings.xml
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+<suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
+              xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd
+              https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
   file name: spring-security-crypto-5.8.*.jar
@@ -18,9 +21,9 @@
    </suppress>
    <suppress>
        <notes><![CDATA[
-   file name: smp.war: spring-core-5.3.30.jar
+   file name: smp.war: spring-core-5.3.31.jar
   ]]></notes>
-        <sha1>cd2b09bf9bdb45c3cf2b771317b6dd0d6b2f6a25</sha1>
+        <sha1>368e76f732a3c331b970f69cafec1525d27b34d3</sha1>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <suppress>

--- a/pom.xml
+++ b/pom.xml
@@ -38,24 +38,22 @@
        <maven.compiler.source>1.8</maven.compiler.source>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <edelivery.ssl-auth.version>1.15-SNAPSHOT</edelivery.ssl-auth.version>
-        <edelivery.dynamic-discovery-client.version>2.1-SNAPSHOT</edelivery.dynamic-discovery-client.version>
+        <edelivery.dynamic-discovery-client.version>2.1.1-SNAPSHOT</edelivery.dynamic-discovery-client.version>
        <bdmsl-api.version>4.3</bdmsl-api.version>
        <!-- plugin versions -->
-        <plugin.build-helper-maven-plugin.version>1.9.1</plugin.build-helper-maven-plugin.version>
-        <plugin.dependency-check-maven.version>8.4.2</plugin.dependency-check-maven.version>
+        <plugin.dependency-check-maven.version>9.0.3</plugin.dependency-check-maven.version>
        <plugin.jacoco-maven-plugin.version>0.8.11</plugin.jacoco-maven-plugin.version>
-        <plugin.license-maven-plugin.version>2.0.0</plugin.license-maven-plugin.version>
+        <plugin.license-maven-plugin.version>2.3.0</plugin.license-maven-plugin.version>
        <plugin.maven-antrun-plugin.version>3.1.0</plugin.maven-antrun-plugin.version>
        <plugin.maven-assembly-plugin.version>3.6.0</plugin.maven-assembly-plugin.version>
-        <plugin.maven-bundle-plugin.version>3.0.0</plugin.maven-bundle-plugin.version>
-        <plugin.maven-clean-plugin.version>3.3.1</plugin.maven-clean-plugin.version>
+        <plugin.maven-clean-plugin.version>3.3.2</plugin.maven-clean-plugin.version>
        <plugin.maven-compiler-plugin.version>3.11.0</plugin.maven-compiler-plugin.version>
-        <plugin.maven-dependency-plugin.version>3.6.0</plugin.maven-dependency-plugin.version>
+        <plugin.maven-dependency-plugin.version>3.6.1</plugin.maven-dependency-plugin.version>
        <plugin.maven-failsafe-plugin.version>3.1.2</plugin.maven-failsafe-plugin.version>
        <plugin.maven-jar-plugin.version>3.3.0</plugin.maven-jar-plugin.version>
        <plugin.maven-release-plugin.version>3.0.1</plugin.maven-release-plugin.version>
        <plugin.maven-resources-plugin.version>3.3.1</plugin.maven-resources-plugin.version>
-        <plugin.maven-surefire-plugin.version>3.1.2</plugin.maven-surefire-plugin.version>
+        <plugin.maven-surefire-plugin.version>3.2.2</plugin.maven-surefire-plugin.version>
        <plugin.maven-war-plugin.version>3.4.0</plugin.maven-war-plugin.version>

        
@@ -65,11 +63,11 @@
        
        <commons-beanutils.version>1.9.4</commons-beanutils.version>
        <commons-collections.version>3.2.2</commons-collections.version>
-        <commons-io.version>2.14.0</commons-io.version>
-        <commons-lang3.version>3.13.0</commons-lang3.version>
+        <commons-io.version>2.15.0</commons-io.version>
+        <commons-lang3.version>3.14.0</commons-lang3.version>
        <commons-fileupload.version>1.5</commons-fileupload.version>
-        <commons-net.version>3.9.0</commons-net.version>
-        <commons-validator.version>1.7</commons-validator.version>
+        <commons-net.version>3.10.0</commons-net.version>
+        <commons-validator.version>1.8.0</commons-validator.version>
        <cxf-xjc-runtime.version>3.3.2</cxf-xjc-runtime.version>
        <cxf.version>3.5.7</cxf.version>
        <ehcache.version>2.10.9.2</ehcache.version>
@@ -91,29 +89,26 @@
        <jakarta.xml.bind-api.version>2.3.3</jakarta.xml.bind-api.version>
        <jstl.version>1.2</jstl.version>
        <junit.version>4.13.2</junit.version>
-        <junit-jupiter.version>5.10.0</junit-jupiter.version>
+        <junit-jupiter.version>5.10.1</junit-jupiter.version>
        <junit-platform-surefire-provider.version>1.3.2</junit-platform-surefire-provider.version>
        <junitparams.version>1.1.1</junitparams.version>
        <!-- Use logback 1.2.x because is the one used by springboot 5.7. Changing to 1.3+ will break springboot logging. -->
        <slf4j.version>1.7.36</slf4j.version>
-        <logback.version>1.2.12</logback.version>
+        <logback.version>1.2.13</logback.version>
        <mysql.jdbc.version>8.2.0</mysql.jdbc.version>
        <metro.version>2.2.1-1</metro.version>
        <mockito.version>4.11.0</mockito.version>
-        <orika.version>1.5.4</orika.version>
        <servlet-api.version>3.0.1</servlet-api.version>

        <spring-modules-jakarta-commons.version>0.8</spring-modules-jakarta-commons.version>
        <spring-boot.version>2.7.18</spring-boot.version>
-        <spring-boot.tomcat.version>9.0.82</spring-boot.tomcat.version>
+        <spring-boot.tomcat.version>9.0.83</spring-boot.tomcat.version>
        <spring.security.version>5.8.8</spring.security.version>
-        <spring.version>5.3.30</spring.version>
+        <spring.version>5.3.31</spring.version>
        <xmlunit.version>2.9.1</xmlunit.version>

        <!-- plugins -->
        <plugin.frontend-maven-plugin.version>1.15.0</plugin.frontend-maven-plugin.version>
-        <plugin.exec-maven-plugin.version>1.6.0</plugin.exec-maven-plugin.version>
-
        <sonar.jacoco.remotePort>${jacocoRemotePort}</sonar.jacoco.remotePort>
        <sonar.jacoco.remoteAddress>${jacocoRemoteAddress}</sonar.jacoco.remoteAddress>

@@ -145,6 +140,9 @@
        </release.arguments>
        <project.scm.id>edelivery-scm</project.scm.id>
    </properties>
+    <prerequisites>
+        <maven>3.6.0</maven>
+    </prerequisites>

    <scm>
        <developerConnection>scm:git:https://ec.europa.eu/digital-building-blocks/code/scm/edelivery/smp.git
@@ -359,6 +357,10 @@
                        <groupId>org.bouncycastle</groupId>
                        <artifactId>bcprov-jdk15on</artifactId>
                    </exclusion>
+                    <exclusion>
+                        <groupId>org.bouncycastle</groupId>
+                        <artifactId>bcpkix-jdk15on</artifactId>
+                    </exclusion>
                </exclusions>
            </dependency>
            <dependency>
@@ -428,13 +430,13 @@
                <version>${aspectj.version}</version>
            </dependency>
            <dependency>
-                <groupId>ma.glasnost.orika</groupId>
-                <artifactId>orika-core</artifactId>
-                <version>${orika.version}</version>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-classic</artifactId>
+                <version>${logback.version}</version>
            </dependency>
            <dependency>
                <groupId>ch.qos.logback</groupId>
-                <artifactId>logback-classic</artifactId>
+                <artifactId>logback-core</artifactId>
                <version>${logback.version}</version>
            </dependency>
            <dependency>
@@ -699,11 +701,6 @@
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>${plugin.sonar-maven-plugin.version}</version>
                </plugin>
-                <plugin>
-                    <groupId>org.codehaus.mojo</groupId>
-                    <artifactId>build-helper-maven-plugin</artifactId>
-                    <version>${plugin.build-helper-maven-plugin.version}</version>
-                </plugin>
                <plugin>
                    <groupId>org.apache.cxf</groupId>
                    <artifactId>cxf-codegen-plugin</artifactId>
@@ -749,11 +746,6 @@
                    <artifactId>maven-compiler-plugin</artifactId>
                    <version>${plugin.maven-compiler-plugin.version}</version>
                </plugin>
-                <plugin>
-                    <groupId>org.apache.felix</groupId>
-                    <artifactId>maven-bundle-plugin</artifactId>
-                    <version>${plugin.maven-bundle-plugin.version}</version>
-                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-jar-plugin</artifactId>
@@ -764,11 +756,6 @@
                    <artifactId>frontend-maven-plugin</artifactId>
                    <version>${plugin.frontend-maven-plugin.version}</version>
                </plugin>
-                <plugin>
-                    <groupId>org.codehaus.mojo</groupId>
-                    <artifactId>exec-maven-plugin</artifactId>
-                    <version>${plugin.exec-maven-plugin.version}</version>
-                </plugin>
            </plugins>
        </pluginManagement>
        <plugins>