build: consolidate transitives/exclusions to avoid dependency clashes

- migrates to maintained org.json:json artifact
- removes unnecessary excludes
- fixes excludes for bouncycastle and unnecessary guava pieces

Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com>

Author: chadlwilson

ant/pom.xml

@@ -226,7 +226,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
             <groupId>org.owasp</groupId>
             <artifactId>dependency-check-core</artifactId>
             <version>${project.parent.version}</version>
-            <type>test-jar</type>
+            <classifier>tests</classifier>
             <scope>test</scope>
         </dependency>
         <dependency>

cli/pom.xml

@@ -174,10 +174,6 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
                     <groupId>org.apache.ant</groupId>
                     <artifactId>ant-launcher</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>com.sun</groupId>
-                    <artifactId>tools</artifactId>
-                </exclusion>
             </exclusions>
         </dependency>
     </dependencies>

core/pom.xml

@@ -163,16 +163,9 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                 <artifactId>maven-jar-plugin</artifactId>
                 <executions>
                     <execution>
-                        <id>test-jar</id>
-                        <phase>package</phase>
                         <goals>
                             <goal>test-jar</goal>
                         </goals>
-                        <configuration>
-                            <includes>
-                                <include>**/*.class</include>
-                            </includes>
-                        </configuration>
                     </execution>
                 </executions>
             </plugin>
@@ -278,6 +271,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
             <groupId>org.slf4j</groupId>
             <artifactId>jul-to-slf4j</artifactId>
         </dependency>
+        <!-- Allow redirection of Commons Logging to slf4j -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity-engine-core</artifactId>
@@ -377,9 +375,8 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
             <version>1.3.1</version>
         </dependency>
         <dependency>
-            <groupId>com.vaadin.external.google</groupId>
-            <artifactId>android-json</artifactId>
-            <version>0.0.20131108.vaadin1</version>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
         </dependency>
     </dependencies>
     <profiles>

core/src/main/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzer.java

@@ -443,7 +443,7 @@ private static List<Advisory> parseAdvisoryJsons(List<JSONObject> advisoryJsons)
             final var advisory = new Advisory();
             final var object = advisoryJson.getJSONObject("children");
             final var moduleName = advisoryJson.optString("value", null);
-            final var id = object.getString("ID");
+            final var id = object.get("ID");
             final var url = object.optString("URL", null);
             final var ghsaId = extractGhsaId(url);
             final var issue = object.optString("Issue", null);

core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java

@@ -31,7 +31,6 @@
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.message.BasicHeader;
-import org.json.JSONException;
 import org.json.JSONObject;
 import org.owasp.dependencycheck.utils.DownloadFailedException;
 import org.owasp.dependencycheck.utils.Downloader;
@@ -171,7 +170,7 @@ private List<Advisory> submitPackage(JsonObject packageJson, String key, int cou
                 cache.put(key, advisories);
             }
             return advisories;
-        } catch (RuntimeException | URISyntaxException | JSONException | TooManyRequestsException | ResourceNotFoundException ex) {
+        } catch (RuntimeException | URISyntaxException | TooManyRequestsException | ResourceNotFoundException ex) {
             LOGGER.debug("Error connecting to Node Audit API. Error: {}",
                     ex.getMessage());
             throw new SearchException("Could not connect to Node Audit API: " + ex.getMessage(), ex);

maven/pom.xml

@@ -92,17 +92,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             </plugin>
         </plugins>
     </reporting>
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.apache.maven</groupId>
-                <artifactId>maven-resolver-provider</artifactId>
-                <version>${maven.api.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
     <dependencies>
         <dependency>
             <groupId>org.owasp</groupId>
@@ -181,11 +170,6 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             <artifactId>maven-artifact</artifactId>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.maven.resolver</groupId>
-            <artifactId>maven-resolver-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.maven.shared</groupId>
             <artifactId>maven-common-artifact-filters</artifactId>