Upgrade dependencies to latest versions

Author: douglasmiller

pom.xml

@@ -61,8 +61,8 @@
         <java.version>1.8</java.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <surefire.version>3.0.0-M4</surefire.version>
-        <jacoco.version>0.8.12</jacoco.version>
+        <surefire.version>3.5.5</surefire.version>
+        <jacoco.version>0.8.13</jacoco.version>
     </properties>
 
     <build>
@@ -83,7 +83,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.1</version>
+                <version>3.15.0</version>
                 <configuration>
                     <source>${java.version}</source>
                     <target>${java.version}</target>
@@ -142,7 +142,7 @@
             <plugin>
               <groupId>org.eluder.coveralls</groupId>
               <artifactId>coveralls-maven-plugin</artifactId>
-              <version>5.12.0</version>
+              <version>4.3.0</version>
               <configuration>
                 <!-- TODO: Don't commit repoToken pubically! Find a way to integrate securely -->
                 <repoToken>yourcoverallsprojectrepositorytoken</repoToken>
@@ -154,7 +154,7 @@
             <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-source-plugin</artifactId>
-              <version>2.2.1</version>
+              <version>3.4.0</version>
               <executions>
                 <execution>
                   <id>attach-sources</id>
@@ -167,7 +167,7 @@
             <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-javadoc-plugin</artifactId>
-              <version>3.1.1</version>
+              <version>3.12.0</version>
               <configuration>
                 <source>${java.version}</source>
                 <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
@@ -185,7 +185,7 @@
             <plugin>
               <groupId>org.apache.maven.plugins</groupId> 
               <artifactId>maven-gpg-plugin</artifactId>
-              <version>1.5</version> 
+              <version>3.2.8</version>
               <executions>
                 <execution>
                   <id>sign-artifacts</id> 
@@ -205,7 +205,7 @@
             <plugin>
               <groupId>org.sonatype.central</groupId>
               <artifactId>central-publishing-maven-plugin</artifactId>
-              <version>0.8.0</version>
+              <version>0.10.0</version>
               <extensions>true</extensions>
               <configuration>
                 <publishingServerId>central</publishingServerId>
@@ -215,7 +215,7 @@
             <plugin>
               <groupId>org.owasp</groupId>
               <artifactId>dependency-check-maven</artifactId>
-              <version>9.1.0</version>
+              <version>12.1.3</version>
             </plugin>
         </plugins>
     </build>
@@ -224,7 +224,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.9</version>
+            <version>2.13.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.maven.surefire</groupId>
@@ -236,7 +236,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.6.2</version>
+            <version>5.12.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -264,30 +264,31 @@
         <dependency>
             <groupId>net.bytebuddy</groupId>
             <artifactId>byte-buddy</artifactId>
-            <version>1.14.18</version>
+            <version>1.18.8</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>net.bytebuddy</groupId>
             <artifactId>byte-buddy-agent</artifactId>
-            <version>1.14.18</version>
+            <version>1.18.8</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest-library</artifactId>
-            <version>2.2</version>
+            <artifactId>hamcrest</artifactId>
+            <version>3.0</version>
             <scope>test</scope>
         </dependency>
 
-        <!-- Specify versions of transitive dependencies
-            plexus:plexus-utils introduced through jacoco-maven-plugin, maven-compiler-plugin, and others
-              - can be removed when mvn dependency:list shows version 3.0.24 or higher and no snyk reported vulnerabilities
-        -->
+        <!-- Override transitive plexus-utils to ensure a CVE-free version.
+             Pulled in via test-scoped jacoco-maven-plugin and surefire deps.
+             Scoped to test so it does not appear in consumers' transitive deps.
+             Can be removed once those deps pull in 4.0.3+ transitively. -->
         <dependency>
           <groupId>org.codehaus.plexus</groupId>
           <artifactId>plexus-utils</artifactId>
-          <version>3.5.1</version>
+          <version>4.0.3</version>
+          <scope>test</scope>
         </dependency>
     </dependencies>
 </project>