|
132 | 132 |
|
133 | 133 | <properties> |
134 | 134 | <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |
135 | | - <version.jmh>1.28</version.jmh> |
| 135 | + <project.java.target>1.7</project.java.target> |
| 136 | + <version.findsecbugs>1.11.0</version.findsecbugs> |
| 137 | + <version.jmh>1.35</version.jmh> |
136 | 138 | <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 --> |
137 | 139 | <version.powermock>2.0.7</version.powermock> |
138 | | - <version.spotbugs>4.5.3</version.spotbugs> |
139 | | - <version.spotbugs.maven>4.2.2</version.spotbugs.maven> |
| 140 | + <version.spotbugs>4.6.0</version.spotbugs> |
| 141 | + <version.spotbugs.maven>4.6.0.0</version.spotbugs.maven> |
140 | 142 | <version.surefire>3.0.0-M5</version.surefire> |
141 | 143 | </properties> |
142 | 144 |
|
|
198 | 200 | <groupId>commons-logging</groupId> |
199 | 201 | <artifactId>commons-logging</artifactId> |
200 | 202 | </exclusion> |
| 203 | + <exclusion> |
| 204 | + <groupId>xml-apis</groupId> |
| 205 | + <artifactId>xml-apis</artifactId> |
| 206 | + </exclusion> |
201 | 207 | </exclusions> |
202 | 208 | </dependency> |
203 | 209 | <dependency> |
|
237 | 243 | <dependency> |
238 | 244 | <groupId>org.owasp.antisamy</groupId> |
239 | 245 | <artifactId>antisamy</artifactId> |
| 246 | + <!-- TODO: needs to be 1.6.6.1 before release --> |
240 | 247 | <version>1.6.5</version> |
241 | 248 | <exclusions> |
242 | | - <!-- excluded because we pick up much newer version --> |
| 249 | + <!-- excluded because version from AntiSamy is too new (Requires Java 8) --> |
243 | 250 | <exclusion> |
244 | 251 | <groupId>commons-io</groupId> |
245 | 252 | <artifactId>commons-io</artifactId> |
246 | 253 | </exclusion> |
| 254 | + <!-- TODO: This is only needed for AntiSamy 1.6.5, not 1.6.6.1. |
| 255 | + Remove this exclusion when AntiSamy 1.6.6.1 is included. --> |
247 | 256 | <exclusion> |
248 | 257 | <groupId>org.slf4j</groupId> |
249 | 258 | <artifactId>slf4j-api</artifactId> |
250 | 259 | </exclusion> |
| 260 | + <!-- TODO: The neko-htmlunit exclusion here and inclusion next, is needed for AntiSamy 1.6.6.1. |
| 261 | + Remove this comment when AntiSamy 1.6.6.1 is included. --> |
| 262 | + <exclusion> |
| 263 | + <groupId>net.sourceforge.htmlunit</groupId> |
| 264 | + <artifactId>neko-htmlunit</artifactId> |
| 265 | + </exclusion> |
| 266 | + </exclusions> |
| 267 | + </dependency> |
| 268 | + <dependency> |
| 269 | + <groupId>net.sourceforge.htmlunit</groupId> |
| 270 | + <artifactId>neko-htmlunit</artifactId> |
| 271 | + <version>2.24</version> |
| 272 | + <exclusions> |
| 273 | + <!-- excluded because this conflicts with the version imported by AntiSamy --> |
| 274 | + <exclusion> |
| 275 | + <groupId>xerces</groupId> |
| 276 | + <artifactId>xercesImpl</artifactId> |
| 277 | + </exclusion> |
251 | 278 | </exclusions> |
252 | 279 | </dependency> |
253 | 280 | <dependency> |
254 | 281 | <groupId>org.slf4j</groupId> |
255 | 282 | <artifactId>slf4j-api</artifactId> |
256 | | - <version>1.7.35</version> |
| 283 | + <version>1.7.36</version> |
257 | 284 | </dependency> |
258 | 285 | <dependency> |
259 | 286 | <groupId>xml-apis</groupId> |
|
273 | 300 | <version>2.6</version> |
274 | 301 | </dependency> |
275 | 302 |
|
276 | | - |
277 | 303 | <!-- SpotBugs dependencies --> |
278 | 304 | <dependency> |
279 | 305 | <groupId>com.github.spotbugs</groupId> |
|
298 | 324 | <dependency> |
299 | 325 | <groupId>org.bouncycastle</groupId> |
300 | 326 | <artifactId>bcprov-jdk15on</artifactId> |
301 | | - <version>1.68</version> |
| 327 | + <version>1.70</version> |
302 | 328 | <scope>test</scope> |
303 | 329 | </dependency> |
304 | 330 | <dependency> |
|
404 | 430 | <plugin> |
405 | 431 | <groupId>org.apache.maven.plugins</groupId> |
406 | 432 | <artifactId>maven-dependency-plugin</artifactId> |
407 | | - <version>3.1.2</version> |
| 433 | + <version>3.3.0</version> |
408 | 434 | </plugin> |
409 | 435 | <plugin> |
410 | 436 | <groupId>org.apache.maven.plugins</groupId> |
411 | 437 | <artifactId>maven-release-plugin</artifactId> |
412 | | - <version>3.0.0-M1</version> |
| 438 | + <version>3.0.0-M5</version> |
413 | 439 | </plugin> |
414 | 440 | </plugins> |
415 | 441 | </pluginManagement> |
|
430 | 456 | </dependencies> |
431 | 457 | </plugin> |
432 | 458 |
|
| 459 | + <plugin> |
| 460 | + <groupId>com.h3xstream.findsecbugs</groupId> |
| 461 | + <artifactId>findsecbugs-plugin</artifactId> |
| 462 | + <version>${version.findsecbugs}</version> |
| 463 | + </plugin> |
| 464 | + |
433 | 465 | <plugin> |
434 | 466 | <groupId>net.sourceforge.maven-taglib</groupId> |
435 | 467 | <artifactId>maven-taglib-plugin</artifactId> |
|
451 | 483 | <plugin> |
452 | 484 | <groupId>org.apache.maven.plugins</groupId> |
453 | 485 | <artifactId>maven-compiler-plugin</artifactId> |
454 | | - <version>3.8.1</version> |
| 486 | + <version>3.10.1</version> |
455 | 487 | <configuration> |
456 | | - <source>1.7</source> |
457 | | - <target>1.7</target> |
458 | | - <testSource>1.7</testSource> |
459 | | - <testTarget>1.7</testTarget> |
| 488 | + <source>${project.java.target}</source> |
| 489 | + <target>${project.java.target}</target> |
| 490 | + <testSource>${project.java.target}</testSource> |
| 491 | + <testTarget>${project.java.target}</testTarget> |
460 | 492 | <debug>true</debug> |
461 | 493 | <showWarnings>true</showWarnings> |
462 | 494 | <showDeprecation>false</showDeprecation> |
|
485 | 517 | <plugin> |
486 | 518 | <groupId>org.apache.maven.plugins</groupId> |
487 | 519 | <artifactId>maven-deploy-plugin</artifactId> |
488 | | - <version>3.0.0-M1</version> |
| 520 | + <version>3.0.0-M2</version> |
489 | 521 | </plugin> |
490 | 522 |
|
491 | 523 | <plugin> |
|
500 | 532 | <plugin> |
501 | 533 | <groupId>org.apache.maven.plugins</groupId> |
502 | 534 | <artifactId>maven-enforcer-plugin</artifactId> |
503 | | - <version>3.0.0-M3</version> |
| 535 | + <version>3.0.0</version> |
504 | 536 | <dependencies> |
505 | 537 | <dependency> |
506 | 538 | <groupId>org.codehaus.mojo</groupId> |
507 | 539 | <artifactId>extra-enforcer-rules</artifactId> |
508 | | - <version>1.3</version> |
| 540 | + <version>1.5.1</version> |
509 | 541 | </dependency> |
510 | 542 | <dependency> |
511 | 543 | <groupId>org.codehaus.mojo</groupId> |
512 | 544 | <artifactId>animal-sniffer-enforcer-rule</artifactId> |
513 | | - <!-- Updating to 1.19 causes LOTS of errors in 'mvn site' and 1.18 requires Java 8 so leaving it at 1.17. --> |
514 | | - <version>1.17</version> |
| 545 | + <version>1.21</version> |
515 | 546 | </dependency> |
516 | 547 | </dependencies> |
517 | 548 | <executions> |
|
537 | 568 | <rules> |
538 | 569 | <dependencyConvergence/> |
539 | 570 | <requireJavaVersion> |
540 | | - <version>1.7</version> |
| 571 | + <version>${project.java.target}</version> |
541 | 572 | <message> |
542 | 573 | ESAPI 2.x now uses the JDK1.7 for its baseline. Please make sure that your |
543 | 574 | JAVA_HOME environment variable is pointed to a JDK1.7 or later distribution. |
|
576 | 607 | <plugin> |
577 | 608 | <groupId>org.apache.maven.plugins</groupId> |
578 | 609 | <artifactId>maven-gpg-plugin</artifactId> |
579 | | - <version>1.6</version> |
| 610 | + <version>3.0.1</version> |
580 | 611 | <executions> |
581 | 612 | <execution> |
582 | 613 | <id>sign-artifacts</id> |
|
595 | 626 | <plugin> |
596 | 627 | <groupId>org.apache.maven.plugins</groupId> |
597 | 628 | <artifactId>maven-jar-plugin</artifactId> |
598 | | - <version>3.2.0</version> |
| 629 | + <version>3.2.2</version> |
599 | 630 | <configuration> |
600 | 631 | <archive> |
601 | 632 | <manifest> |
|
609 | 640 | <plugin> |
610 | 641 | <groupId>org.apache.maven.plugins</groupId> |
611 | 642 | <artifactId>maven-javadoc-plugin</artifactId> |
612 | | - <version>3.2.0</version> |
| 643 | + <version>3.3.2</version> |
613 | 644 | <configuration> |
614 | 645 | <source>7</source> |
615 | 646 | <doclint>none</doclint> |
|
625 | 656 | </plugin> |
626 | 657 |
|
627 | 658 | <plugin> |
628 | | - <groupId>org.apache.maven.plugins</groupId> |
629 | | - <artifactId>maven-jxr-plugin</artifactId> |
630 | | - <version>3.0.0</version> |
| 659 | + <groupId>org.apache.maven.plugins</groupId> |
| 660 | + <artifactId>maven-jxr-plugin</artifactId> |
| 661 | + <version>3.1.1</version> |
631 | 662 | </plugin> |
632 | 663 |
|
633 | 664 | <plugin> |
634 | | - <groupId>org.apache.maven.plugins</groupId> |
635 | | - <artifactId>maven-pmd-plugin</artifactId> |
636 | | - <version>3.14.0</version> |
| 665 | + <groupId>org.apache.maven.plugins</groupId> |
| 666 | + <artifactId>maven-pmd-plugin</artifactId> |
| 667 | + <version>3.16.0</version> |
| 668 | + <dependencies> |
| 669 | + <!-- Without this, 3.15.0+ causes lots of warning like: [WARNING] Could not find class org.owasp.validator.html.util.ErrorMessageUtil, |
| 670 | + due to: java.lang.IncompatibleClassChangeError: class net.sourceforge.pmd.lang.java.typeresolution.visitors.PMDASMVisitor |
| 671 | + has interface org.objectweb.asm.ClassVisitor as super class. |
| 672 | + However, these warnings don't adversely affect the PMD results, so we are keeping this upgrade. --> |
| 673 | + <dependency> |
| 674 | + <groupId>org.ow2.asm</groupId> |
| 675 | + <artifactId>asm</artifactId> |
| 676 | + <version>9.2</version> |
| 677 | + </dependency> |
| 678 | + </dependencies> |
637 | 679 | </plugin> |
638 | 680 |
|
639 | 681 | <plugin> |
640 | 682 | <groupId>org.apache.maven.plugins</groupId> |
641 | 683 | <artifactId>maven-project-info-reports-plugin</artifactId> |
642 | | - <version>3.1.1</version> |
| 684 | + <version>3.1.2</version> |
643 | 685 | </plugin> |
644 | 686 |
|
645 | 687 | <plugin> |
|
651 | 693 | <plugin> |
652 | 694 | <groupId>org.apache.maven.plugins</groupId> |
653 | 695 | <artifactId>maven-site-plugin</artifactId> |
654 | | - <version>3.9.1</version> |
| 696 | + <version>3.11.0</version> |
655 | 697 | </plugin> |
656 | 698 |
|
657 | 699 | <plugin> |
|
700 | 742 | <plugin> |
701 | 743 | <groupId>org.codehaus.mojo</groupId> |
702 | 744 | <artifactId>versions-maven-plugin</artifactId> |
703 | | - <version>2.8.1</version> |
| 745 | + <version>2.10.0</version> |
704 | 746 | </plugin> |
705 | 747 |
|
706 | 748 | <plugin> |
|
712 | 754 | <plugin> |
713 | 755 | <groupId>org.owasp</groupId> |
714 | 756 | <artifactId>dependency-check-maven</artifactId> |
715 | | - <version>6.1.6</version> |
| 757 | + <version>7.0.4</version> |
716 | 758 | <configuration> |
717 | 759 | <failBuildOnCVSS>1.0</failBuildOnCVSS> |
718 | 760 | <suppressionFiles>./suppressions.xml</suppressionFiles> |
|
781 | 823 | <reportSets> |
782 | 824 | <reportSet> |
783 | 825 | <reports> |
| 826 | + <report>index</report> |
784 | 827 | <report>dependency-convergence</report> |
785 | 828 | </reports> |
786 | 829 | </reportSet> |
|
845 | 888 | <plugin> |
846 | 889 | <groupId>com.h3xstream.findsecbugs</groupId> |
847 | 890 | <artifactId>findsecbugs-plugin</artifactId> |
848 | | - <version>1.10.1</version> |
| 891 | + <version>${version.findsecbugs}</version> |
849 | 892 | </plugin> |
850 | 893 | </plugins> |
851 | 894 | <effort>Max</effort> |
|
877 | 920 |
|
878 | 921 | <plugin> |
879 | 922 | <artifactId>maven-jar-plugin</artifactId> |
880 | | - |
881 | 923 | <!-- |
882 | 924 | <executions> |
883 | 925 | <execution> |
|
891 | 933 | <configuration> |
892 | 934 | <!-- |
893 | 935 | <keystore>codesign.keystore</keystore> |
894 | | - <alias>owasp foundation, inc.'s godaddy.com, inc. id</alias> |
| 936 | + <alias>OWASP Foundation, Inc.'s GoDaddy.com ID</alias> |
895 | 937 | <verify>true</verify> |
896 | 938 | --> |
897 | 939 | <archive> |
|
934 | 976 | <plugin> |
935 | 977 | <groupId>org.apache.maven.plugins</groupId> |
936 | 978 | <artifactId>maven-release-plugin</artifactId> |
937 | | - <version>2.5.3</version> |
938 | 979 | <configuration> |
939 | 980 | <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase> |
940 | 981 | </configuration> |
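Review bot: The AntiSamy dependency stays at `<version>1.6.5</version>`, and the required move to 1.6.6.1 is recorded only in TODO comments, so nothing in the build prevents a release from shipping the older HTML sanitizer. Moving the version into `<properties>`, for example `<version.antisamy>1.6.5</version.antisamy>` alongside `version.findsecbugs`, would leave one place to change and one TODO to clear. The same change adds `neko-htmlunit` as a direct dependency fixed at `2.24` with `xercesImpl` excluded, although the comment says this is needed for 1.6.6.1 rather than the version still in use. When AntiSamy is bumped, check that pin against the version AntiSamy itself declares, so the parser handling untrusted markup is not held at an older release than upstream expects. A comment next to `<version>2.24</version>` saying why that exact version was chosen would help the next maintainer.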
|