Merge branch 'main' into upgradeMaven

Author: jeremylong

.github/workflows/build.yml

@@ -83,15 +83,15 @@ jobs:
       - name: Archive IT test logs
         id: archive-logs
         if: always()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: it-test-logs-jdk-${{ matrix.jdk_test_version }}
           retention-days: 7
           path: maven/target/it/**/build.log
       - name: Archive code coverage results
         if: matrix.jdk_test_version == matrix.jdk_default_version
         id: archive-coverage
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: code-coverage-report
           retention-days: 7
@@ -101,7 +101,7 @@ jobs:
       - name: Archive Snapshot
         if: matrix.jdk_test_version == matrix.jdk_default_version
         id: archive-snapshot
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: archive-snapshot
           retention-days: 7
@@ -131,7 +131,7 @@ jobs:
           cache: 'maven'
           cache-dependency-path: '**/pom.xml'
       - name: Download release build
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: archive-snapshot
       - name: Set up Docker

.github/workflows/false-positive-ops.yml

@@ -144,7 +144,7 @@ jobs:
             --ossIndexPassword ${{ secrets.OSS_INDEX_API_TOKEN }}
       - name: Upload FP Report
         if: steps.check_files.outputs.files_exists == 'true'
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
            name: FP Report
            path: ${{github.workspace}}/reports

.github/workflows/pull_requests.yml

@@ -81,7 +81,7 @@ jobs:
       - name: Archive Snapshot
         if: matrix.jdk_test_version == matrix.jdk_default_version
         id: archive-snapshot
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: archive-snapshot
           retention-days: 1
@@ -146,7 +146,7 @@ jobs:
       - name: Archive IT test logs
         id: archive-logs
         if: always()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: it-test-logs-jdk-${{ matrix.jdk_test_version }}
           retention-days: 7
@@ -202,7 +202,7 @@ jobs:
           cache: 'maven'
           cache-dependency-path: '**/pom.xml'
       - name: Download release build
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: archive-snapshot
       - name: Set up Docker

.github/workflows/release.yml

@@ -81,7 +81,7 @@ jobs:
           --no-transfer-progress --batch-mode -Dstyle.color=always
       - name: Archive code coverage results
         id: archive-coverage
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: code-coverage-report
           retention-days: 7
@@ -90,7 +90,7 @@ jobs:
             **/target/jacoco-results/**/*.html
       - name: Archive Release
         id: archive-release
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: archive-release
           retention-days: 7
@@ -103,7 +103,7 @@ jobs:
             target/*.buildinfo
       - name: Archive Site
         id: archive-site
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: archive-site
           retention-days: 7
@@ -134,7 +134,7 @@ jobs:
           cache: 'maven'
           cache-dependency-path: '**/pom.xml'
       - name: Download release build
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: archive-release
       - name: Set up Docker
@@ -168,7 +168,7 @@ jobs:
           VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
           echo "VERSION=$VERSION" >> $GITHUB_ENV
       - name: Download release build
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: archive-release
       - name: Create Release
@@ -243,7 +243,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v6
       - name: Download Site
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: archive-site
           path: target/staging

Dockerfile

@@ -2,7 +2,7 @@ FROM golang:1.26.0-alpine AS go
 
 FROM azul/zulu-openjdk-alpine:25 AS jlink
 
-RUN "$JAVA_HOME/bin/jlink" --compress=zip-6 --module-path /opt/java/openjdk/jmods --add-modules java.base,java.compiler,java.datatransfer,jdk.crypto.ec,java.desktop,java.instrument,java.logging,java.management,java.naming,java.rmi,java.scripting,java.security.sasl,java.sql,java.transaction.xa,java.xml,jdk.unsupported --output /jlinked
+RUN "$JAVA_HOME/bin/jlink" --compress=zip-6 --module-path /opt/java/openjdk/jmods --add-modules java.base,java.compiler,java.datatransfer,jdk.crypto.ec,java.desktop,java.instrument,java.logging,java.management,java.naming,java.rmi,java.scripting,java.security.sasl,java.sql,java.transaction.xa,java.xml,jdk.unsupported,jdk.net --output /jlinked
 
 FROM mcr.microsoft.com/dotnet/runtime:8.0-alpine
 

ant/src/test/java/org/owasp/dependencycheck/ant/logging/AntSlf4jServiceProviderTest.java

@@ -33,6 +33,7 @@
 import org.slf4j.Logger;
 import org.slf4j.spi.SLF4JServiceProvider;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -100,7 +101,7 @@ void testServiceDescriptorContainsCorrectClassName() throws Exception {
                     assertEquals(AntSlf4jServiceProvider.class.getName(), line.trim());
                 }
             } else {
-                try (BufferedReader reader = new BufferedReader(new InputStreamReader(is))) {
+                try (BufferedReader reader = new BufferedReader(new InputStreamReader(is, UTF_8))) {
                     String line = reader.readLine();
                     assertNotNull(line);
                     assertEquals(AntSlf4jServiceProvider.class.getName(), line.trim());

cli/src/test/java/org/owasp/dependencycheck/CliParserTest.java

@@ -23,7 +23,6 @@
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
-import java.io.IOException;
 import java.io.PrintStream;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -51,7 +50,7 @@ void testParse() throws Exception {
         String[] args = {};
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        System.setOut(new PrintStream(baos));
+        System.setOut(new PrintStream(baos, true, UTF_8));
 
         CliParser instance = new CliParser(getSettings());
         instance.parse(args);
@@ -165,8 +164,8 @@ void testParse_unknown() {
 
         ByteArrayOutputStream baos_out = new ByteArrayOutputStream();
         ByteArrayOutputStream baos_err = new ByteArrayOutputStream();
-        System.setOut(new PrintStream(baos_out));
-        System.setErr(new PrintStream(baos_err));
+        System.setOut(new PrintStream(baos_out, true, UTF_8));
+        System.setErr(new PrintStream(baos_err, true, UTF_8));
 
         CliParser instance = new CliParser(getSettings());
 
@@ -249,20 +248,16 @@ void testParse_printVersionInfo() {
 
         PrintStream out = System.out;
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        System.setOut(new PrintStream(baos));
+        System.setOut(new PrintStream(baos, true, UTF_8));
 
         CliParser instance = new CliParser(getSettings());
         instance.printVersionInfo();
         try {
-            baos.flush();
             String text = baos.toString(UTF_8).toLowerCase();
             String[] lines = text.split(System.lineSeparator());
             assertTrue(lines.length >= 1);
             assertTrue(text.contains("version"));
             assertFalse(text.contains("unknown"));
-        } catch (IOException ex) {
-            System.setOut(out);
-            fail("CliParser.printVersionInfo did not write anything to system.out.", ex);
         } finally {
             System.setOut(out);
         }
@@ -279,7 +274,7 @@ void testParse_printHelp() throws Exception {
 
         PrintStream out = System.out;
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        System.setOut(new PrintStream(baos));
+        System.setOut(new PrintStream(baos, true, UTF_8));
 
         CliParser instance = new CliParser(getSettings());
         String[] args = {"-h"};
@@ -289,14 +284,10 @@ void testParse_printHelp() throws Exception {
         instance.parse(args);
         instance.printHelp();
         try {
-            baos.flush();
             String text = (baos.toString(UTF_8));
             String[] lines = text.split(System.lineSeparator());
             assertTrue(lines[0].startsWith("usage: "));
             assertTrue((lines.length > 2));
-        } catch (IOException ex) {
-            System.setOut(out);
-            fail("CliParser.printVersionInfo did not write anything to system.out.");
         } finally {
             System.setOut(out);
         }

cli/src/test/java/org/owasp/dependencycheck/PluginLoaderTest.java

@@ -13,6 +13,7 @@
 import java.nio.file.Path;
 import java.util.regex.Pattern;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.matchesPattern;
 import static org.mockito.ArgumentMatchers.assertArg;
@@ -52,11 +53,11 @@ void shouldAddJarToClassPath() throws Exception {
     void shouldStopLoadingPluginsOnBadJarButSucceed() throws Exception {
         PrintStream originalErr = System.err;
         ByteArrayOutputStream errContent = new ByteArrayOutputStream();
-        System.setErr(new PrintStream(errContent));
+        System.setErr(new PrintStream(errContent, true, UTF_8));
         try {
             createEmptyBadJar();
             PluginLoader.premain(tempDir.toString(), instrumentation);
-            assertThat(errContent.toString(), matchesPattern(Pattern.compile("\\[WARN\\] Failed to read plugin jar file at .*/dummy.*\\.jar\\. Jar will not be available on classpath.*zip file is empty.*", Pattern.DOTALL)));
+            assertThat(errContent.toString(), matchesPattern(Pattern.compile("\\[WARN] Failed to read plugin jar file at .*/dummy.*\\.jar\\. Jar will not be available on classpath.*zip file is empty.*", Pattern.DOTALL)));
         } finally {
             System.setErr(originalErr);
         }

core/pom.xml

@@ -468,7 +468,6 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-dependency-plugin</artifactId>
-                        <version>${maven-dependency-plugin.version}</version>
                         <executions>
                             <execution>
                                 <id>copy-test-dependencies</id>

core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -30,7 +30,6 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
-import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Paths;
 import java.util.ArrayList;
@@ -520,8 +519,6 @@ private Properties retrievePomProperties(String path, final JarFile jar) {
             try (Reader reader = new InputStreamReader(jar.getInputStream(propEntry), StandardCharsets.UTF_8)) {
                 pomProperties.load(reader);
                 LOGGER.debug("Read pom.properties: {}", propPath);
-            } catch (UnsupportedEncodingException ex) {
-                LOGGER.trace("UTF-8 is not supported", ex);
             } catch (IOException ex) {
                 LOGGER.trace("Unable to read the POM properties", ex);
             }