|
62 | 62 | <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |
63 | 63 | <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> |
64 | 64 | <okhttp3.version>4.12.0</okhttp3.version> |
65 | | - <surefire.version>3.0.0-M4</surefire.version> |
66 | | - <jacoco.version>0.8.12</jacoco.version> |
| 65 | + <surefire.version>3.5.5</surefire.version> |
| 66 | + <jacoco.version>0.8.13</jacoco.version> |
67 | 67 | </properties> |
68 | 68 |
|
69 | 69 | <build> |
|
84 | 84 | <plugin> |
85 | 85 | <groupId>org.apache.maven.plugins</groupId> |
86 | 86 | <artifactId>maven-compiler-plugin</artifactId> |
87 | | - <version>3.8.1</version> |
| 87 | + <version>3.15.0</version> |
88 | 88 | <configuration> |
89 | 89 | <source>${java.version}</source> |
90 | 90 | <target>${java.version}</target> |
|
155 | 155 | <plugin> |
156 | 156 | <groupId>org.apache.maven.plugins</groupId> |
157 | 157 | <artifactId>maven-source-plugin</artifactId> |
158 | | - <version>2.2.1</version> |
| 158 | + <version>3.4.0</version> |
159 | 159 | <executions> |
160 | 160 | <execution> |
161 | 161 | <id>attach-sources</id> |
|
168 | 168 | <plugin> |
169 | 169 | <groupId>org.apache.maven.plugins</groupId> |
170 | 170 | <artifactId>maven-javadoc-plugin</artifactId> |
171 | | - <version>3.1.1</version> |
| 171 | + <version>3.12.0</version> |
172 | 172 | <configuration> |
173 | 173 | <source>${java.version}</source> |
174 | 174 | <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable> |
|
186 | 186 | <plugin> |
187 | 187 | <groupId>org.apache.maven.plugins</groupId> |
188 | 188 | <artifactId>maven-gpg-plugin</artifactId> |
189 | | - <version>1.5</version> |
| 189 | + <version>3.2.8</version> |
190 | 190 | <executions> |
191 | 191 | <execution> |
192 | 192 | <id>sign-artifacts</id> |
|
206 | 206 | <plugin> |
207 | 207 | <groupId>org.sonatype.central</groupId> |
208 | 208 | <artifactId>central-publishing-maven-plugin</artifactId> |
209 | | - <version>0.8.0</version> |
| 209 | + <version>0.10.0</version> |
210 | 210 | <extensions>true</extensions> |
211 | 211 | <configuration> |
212 | 212 | <publishingServerId>central</publishingServerId> |
|
216 | 216 | <plugin> |
217 | 217 | <groupId>org.owasp</groupId> |
218 | 218 | <artifactId>dependency-check-maven</artifactId> |
219 | | - <version>9.1.0</version> |
| 219 | + <version>12.1.3</version> |
220 | 220 | </plugin> |
221 | 221 | </plugins> |
222 | 222 | </build> |
|
225 | 225 | <dependency> |
226 | 226 | <groupId>com.google.code.gson</groupId> |
227 | 227 | <artifactId>gson</artifactId> |
228 | | - <version>2.8.9</version> |
| 228 | + <version>2.13.1</version> |
229 | 229 | </dependency> |
230 | 230 | <dependency> |
231 | 231 | <groupId>com.squareup.okhttp3</groupId> |
|
243 | 243 | <version>${okhttp3.version}</version> |
244 | 244 | <scope>test</scope> |
245 | 245 | </dependency> |
246 | | - <dependency> |
247 | | - <groupId>joda-time</groupId> |
248 | | - <artifactId>joda-time</artifactId> |
249 | | - <version>2.10.6</version> |
250 | | - </dependency> |
251 | | - <dependency> |
252 | | - <groupId>com.fatboyindustrial.gson-jodatime-serialisers</groupId> |
253 | | - <artifactId>gson-jodatime-serialisers</artifactId> |
254 | | - <version>1.8.0</version> |
255 | | - </dependency> |
| 246 | + |
256 | 247 | <dependency> |
257 | 248 | <groupId>org.apache.maven.surefire</groupId> |
258 | 249 | <artifactId>surefire</artifactId> |
|
263 | 254 | <dependency> |
264 | 255 | <groupId>org.junit.jupiter</groupId> |
265 | 256 | <artifactId>junit-jupiter-engine</artifactId> |
266 | | - <version>5.6.2</version> |
| 257 | + <version>5.12.2</version> |
267 | 258 | <scope>test</scope> |
268 | 259 | </dependency> |
269 | 260 | <dependency> |
|
276 | 267 | <dependency> |
277 | 268 | <groupId>org.mockito</groupId> |
278 | 269 | <artifactId>mockito-core</artifactId> |
279 | | - <version>4.4.0</version> |
| 270 | + <version>4.11.0</version> |
280 | 271 | <scope>test</scope> |
281 | 272 | </dependency> |
282 | 273 | <dependency> |
283 | 274 | <groupId>org.mockito</groupId> |
284 | 275 | <artifactId>mockito-inline</artifactId> |
285 | | - <version>4.4.0</version> |
| 276 | + <version>4.11.0</version> |
| 277 | + <scope>test</scope> |
| 278 | + </dependency> |
| 279 | + <!-- Override Byte Buddy to a version that supports Java 21 (65) and above. |
| 280 | + Mockito 4.11.0 bundles Byte Buddy 1.12.19 which only supports up to Java 20 (64). |
| 281 | + Byte Buddy 1.14.9+ supports Java 21 while remaining compatible with Java 8. --> |
| 282 | + <dependency> |
| 283 | + <groupId>net.bytebuddy</groupId> |
| 284 | + <artifactId>byte-buddy</artifactId> |
| 285 | + <version>1.18.8</version> |
286 | 286 | <scope>test</scope> |
287 | 287 | </dependency> |
288 | 288 | <dependency> |
289 | | - <groupId>org.hamcrest</groupId> |
290 | | - <artifactId>hamcrest-library</artifactId> |
291 | | - <version>2.2</version> |
| 289 | + <groupId>net.bytebuddy</groupId> |
| 290 | + <artifactId>byte-buddy-agent</artifactId> |
| 291 | + <version>1.18.8</version> |
292 | 292 | <scope>test</scope> |
293 | 293 | </dependency> |
294 | 294 |
|
295 | | - <!-- Specify versions of transitive dependencies |
296 | | - plexus:plexus-utils introduced through jacoco-maven-plugin, maven-compiler-plugin, and others |
297 | | - - can be removed when mvn dependency:list shows version 3.0.24 or higher and no snyk reported vulnerabilities |
298 | | - --> |
| 295 | + <!-- Override transitive plexus-utils to ensure a CVE-free version. |
| 296 | + Pulled in via test-scoped jacoco-maven-plugin and surefire deps. |
| 297 | + Scoped to test so it does not appear in consumers' transitive deps. |
| 298 | + Can be removed once those deps pull in 4.0.3+ transitively. --> |
299 | 299 | <dependency> |
300 | 300 | <groupId>org.codehaus.plexus</groupId> |
301 | 301 | <artifactId>plexus-utils</artifactId> |
302 | | - <version>3.5.1</version> |
| 302 | + <version>4.0.3</version> |
| 303 | + <scope>test</scope> |
303 | 304 | </dependency> |
304 | 305 | </dependencies> |
305 | 306 | </project> |
0 commit comments