Merge remote-tracking branch 'origin/master'

Author: stevespringett

.github/workflows/codeql-analysis.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2.4.0
+      uses: actions/checkout@v3.0.2
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -49,7 +49,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -63,4 +63,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/docs.yml

@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v2.4.0
+      - uses: actions/checkout@v3.0.2
       - name: Set up JDK 8
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: temurin
           java-version: 8

.github/workflows/maven.yml

@@ -12,9 +12,9 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2.4.0
+    - uses: actions/checkout@v3.0.2
     - name: Set up JDK ${{ matrix.java-version }}
-      uses: actions/setup-java@v2
+      uses: actions/setup-java@v3
       with:
         distribution: ${{ matrix.distro }}
         java-version: ${{ matrix.java-version }}

pom.xml

@@ -78,7 +78,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- Maven Plugin Versions -->
         <maven.cyclonedx.plugin.version>2.5.3</maven.cyclonedx.plugin.version>
-        <maven.javadoc.plugin.version>3.3.1</maven.javadoc.plugin.version>
+        <maven.javadoc.plugin.version>3.4.0</maven.javadoc.plugin.version>
         <maven.source.plugin.version>3.2.1</maven.source.plugin.version>
         <maven.jar.plugin.version>3.2.0</maven.jar.plugin.version>
         <maven.github.release.plugin.version>1.4.0</maven.github.release.plugin.version>
@@ -169,15 +169,15 @@
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-xml</artifactId>
-            <version>2.13.1</version>
+            <version>2.13.2</version>
         </dependency>
 
         <!-- JSON Schema library -->
 
         <dependency>
             <groupId>com.networknt</groupId>
             <artifactId>json-schema-validator</artifactId>
-            <version>1.0.66</version>
+            <version>1.0.69</version>
         </dependency>
 
         <!-- Unit Test -->
@@ -267,7 +267,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.0.0-M5</version>
+                    <version>3.0.0-M6</version>
                 </plugin>
             </plugins>
         </pluginManagement>

src/main/java/org/cyclonedx/model/vulnerability/Vulnerability10.java

@@ -29,7 +29,6 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import org.cyclonedx.model.ExtensibleType;
-import org.cyclonedx.model.Source;
 
 @JsonRootName(Vulnerability10.NAME)
 public class Vulnerability10

src/main/java/org/cyclonedx/util/DependencySerializer.java

@@ -32,11 +32,8 @@
 
 public class DependencySerializer extends StdSerializer<List<Dependency>>
 {
-  private final String NAMESPACE_PREFIX = "dg";
-  private final String DEPENDENCY = "dependency";
-  private final String DEPENDENCIES = "dependencies";
   private final String REF = "ref";
-  private final String NAMESPACE_URI = "http://cyclonedx.org/schema/ext/dependency-graph/1.0";
+
   private boolean useNamespace = false;
 
   public DependencySerializer(final boolean useNamespace) {
@@ -91,18 +88,7 @@ private void writeXMLDependenciesWithGenerator(final ToXmlGenerator toXmlGenerat
       throws IOException, XMLStreamException
   {
     if (dependencies != null && !dependencies.isEmpty()) {
-      QName qName;
-
-      if (useNamespace) {
-        qName = new QName(NAMESPACE_URI, DEPENDENCIES, NAMESPACE_PREFIX);
-        toXmlGenerator.getStaxWriter().setPrefix(qName.getPrefix(), qName.getNamespaceURI());
-      } else {
-        qName = new QName(DEPENDENCIES);
-      }
-
-      toXmlGenerator.setNextName(qName);
-      toXmlGenerator.writeStartObject();
-      toXmlGenerator.writeFieldName(qName.getLocalPart());
+      processNamespace(toXmlGenerator, "dependencies");
       toXmlGenerator.writeStartArray();
 
       for (Dependency dependency : dependencies) {
@@ -117,18 +103,7 @@ private void writeXMLDependenciesWithGenerator(final ToXmlGenerator toXmlGenerat
   private void writeXMLDependency(final Dependency dependency, final ToXmlGenerator generator)
       throws IOException, XMLStreamException
   {
-    QName qName;
-    if (useNamespace) {
-      qName = new QName(NAMESPACE_URI, DEPENDENCY, NAMESPACE_PREFIX);
-      generator.getStaxWriter().setPrefix(qName.getPrefix(), qName.getNamespaceURI());
-    } else {
-      qName = new QName(DEPENDENCY);
-    }
-
-    generator.setNextName(qName);
-
-    generator.writeStartObject();
-    generator.writeFieldName(qName.getLocalPart());
+    processNamespace(generator, "dependency");
 
     if (dependency.getDependencies() != null && !dependency.getDependencies().isEmpty()) {
       generator.writeStartArray();
@@ -152,4 +127,21 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato
 
     generator.writeEndObject();
   }
+
+  private void processNamespace(final ToXmlGenerator toXmlGenerator, final String dependencies)
+      throws XMLStreamException, IOException
+  {
+    QName qName;
+
+    if (useNamespace) {
+      qName = new QName("http://cyclonedx.org/schema/ext/dependency-graph/1.0", dependencies, "dg");
+      toXmlGenerator.getStaxWriter().setPrefix(qName.getPrefix(), qName.getNamespaceURI());
+    } else {
+      qName = new QName(dependencies);
+    }
+
+    toXmlGenerator.setNextName(qName);
+    toXmlGenerator.writeStartObject();
+    toXmlGenerator.writeFieldName(qName.getLocalPart());
+  }
 }

src/main/java/org/cyclonedx/util/ExtensibleTypesSerializer.java

@@ -35,8 +35,6 @@ public class ExtensibleTypesSerializer extends StdSerializer<List<ExtensibleType
 {
   private final String XMLNS = "xmlns";
 
-  private final String DEFAULT_VALID_NAMESPACE = "http://www.w3.org/1999/xhtml";
-
   public ExtensibleTypesSerializer() {
     this(null);
   }
@@ -70,7 +68,7 @@ public void serialize(
               }
             }
           } else {
-            staxWriter.writeStartElement(ext.getNamespace(), ext.getName(), DEFAULT_VALID_NAMESPACE);
+            staxWriter.writeStartElement(ext.getNamespace(), ext.getName(), "http://www.w3.org/1999/xhtml");
           }
 
           if (ext.getExtensibleTypes() != null && !ext.getExtensibleTypes().isEmpty()) {

src/main/java/org/cyclonedx/util/ExtensionDeserializer.java

@@ -43,7 +43,6 @@
 import org.cyclonedx.model.vulnerability.Vulnerability10.Score;
 import org.cyclonedx.model.vulnerability.Vulnerability10.ScoreSource;
 import org.cyclonedx.model.vulnerability.Vulnerability10.Severity;
-import org.cyclonedx.model.Source;
 
 public class ExtensionDeserializer extends StdDeserializer<Extension>
 {

src/main/java/org/cyclonedx/util/TrimStringSerializer.java

@@ -19,7 +19,6 @@
 package org.cyclonedx.util;
 
 import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdScalarSerializer;
 import java.io.IOException;

src/main/java/org/cyclonedx/util/VulnerabilityDeserializer.java

@@ -18,8 +18,6 @@
  */
 package org.cyclonedx.util;
 
-import java.util.ArrayList;
-import java.util.ArrayList;
 import java.util.List;
 
 import com.fasterxml.jackson.core.JsonParser;