Merge pull request #584 from DependencyTrack/pom-cleanup

Bump dependencies and re-enable checkstyle

.checkstyle.xml

@@ -6,7 +6,7 @@
     <property name="localeLanguage" value="en"/>
     <module name="Header">
         <property name="charset" value="UTF-8"/>
-        <property name="headerFile" value=".checkstyle-header"/>
+        <!-- <property name="headerFile" value=".checkstyle-header"/> -->
     </module>
     <module name="TreeWalker">
         <module name="AvoidStarImport"/>

pom.xml

@@ -86,41 +86,44 @@
         <lib.alpine.version>${project.parent.version}</lib.alpine.version>
         <lib.awaitility.version>4.2.0</lib.awaitility.version>
         <lib.cel-tools.version>0.4.4</lib.cel-tools.version>
-        <lib.cloud-sql-postgres-socket-factory.version>1.14.1</lib.cloud-sql-postgres-socket-factory.version>
-        <lib.cpe-parser.version>2.0.2</lib.cpe-parser.version>
+        <lib.checkstyle.version>10.13.0</lib.checkstyle.version>
+        <lib.cloud-sql-postgres-socket-factory.version>1.16.0</lib.cloud-sql-postgres-socket-factory.version>
+        <lib.commons-compress.version>1.25.0</lib.commons-compress.version>
+        <lib.cpe-parser.version>2.1.0</lib.cpe-parser.version>
         <lib.cvss-calculator.version>1.4.2</lib.cvss-calculator.version>
         <lib.owasp-rr-calculator.version>1.0.1</lib.owasp-rr-calculator.version>
         <lib.cyclonedx-java.version>8.0.3</lib.cyclonedx-java.version>
-        <lib.jackson.version>2.16.0</lib.jackson.version>
-        <lib.jackson-databind.version>2.15.2</lib.jackson-databind.version>
+        <lib.jackson.version>2.16.1</lib.jackson.version>
+        <lib.jackson-databind.version>2.16.1</lib.jackson-databind.version>
         <lib.jaxb.runtime.version>2.3.6</lib.jaxb.runtime.version>
-        <lib.jdbi.version>3.42.0</lib.jdbi.version>
+        <lib.jdbi.version>3.45.0</lib.jdbi.version>
         <lib.json-unit.version>3.2.4</lib.json-unit.version>
         <lib.kafka.version>3.6.1</lib.kafka.version>
         <lib.kafka-junit.version>3.6.0</lib.kafka-junit.version>
+        <lib.liquibase.version>4.26.0</lib.liquibase.version>
         <lib.micrometer-jvm-extras.version>0.2.2</lib.micrometer-jvm-extras.version>
-        <lib.packageurl.version>1.4.1</lib.packageurl.version>
+        <lib.minio.version>8.5.8</lib.minio.version>
+        <lib.packageurl.version>1.5.0</lib.packageurl.version>
         <lib.parallel-consumer.version>0.5.2.8</lib.parallel-consumer.version>
-        <lib.pebble.version>3.2.0</lib.pebble.version>
+        <lib.pebble.version>3.2.2</lib.pebble.version>
         <lib.protobuf-java.version>3.25.3</lib.protobuf-java.version>
         <lib.testcontainers.version>1.18.3</lib.testcontainers.version>
-        <lib.resilience4j.version>2.1.0</lib.resilience4j.version>
-        <lib.snappy-java.version>1.1.10.5</lib.snappy-java.version>
+        <lib.resilience4j.version>2.2.0</lib.resilience4j.version>
+        <lib.system-rules.version>1.19.0</lib.system-rules.version>
         <lib.versatile.version>0.4.1</lib.versatile.version>
-        <lib.woodstox.version>6.4.0</lib.woodstox.version>
+        <lib.woodstox.version>6.6.0</lib.woodstox.version>
         <lib.junit-params.version>1.1.1</lib.junit-params.version>
         <lib.log4j-over-slf4j.version>2.0.12</lib.log4j-over-slf4j.version>
-        <lib.signpost-core.version>2.1.1</lib.signpost-core.version>
         <lib.httpclient.version>4.5.14</lib.httpclient.version>
         <lib.net.javacrumbs.shedlock.version>5.11.0</lib.net.javacrumbs.shedlock.version>
         <lib.javacron.version>1.4.0</lib.javacron.version>
-        <!-- JDBC Drivers -->
-        <lib.jdbc-driver.postgresql.version>42.7.0</lib.jdbc-driver.postgresql.version>
+        <lib.jdbc-driver.postgresql.version>42.7.1</lib.jdbc-driver.postgresql.version>
         <!-- Maven Plugin Properties -->
         <plugin.cyclonedx.projectType>application</plugin.cyclonedx.projectType>
         <plugin.cyclonedx.outputFormat>json</plugin.cyclonedx.outputFormat>
         <plugin.retirejs.breakOnFailure>false</plugin.retirejs.breakOnFailure>
         <!-- Maven Plugin Versions -->
+        <plugin.checkstyle.version>3.3.1</plugin.checkstyle.version>
         <plugin.protoc-jar.version>3.11.4</plugin.protoc-jar.version>
         <plugin.jetty.version>10.0.20</plugin.jetty.version>
         <!-- SonarCloud properties -->
@@ -130,8 +133,6 @@
         <!-- CycloneDX CLI -->
         <cyclonedx-cli.path>cyclonedx</cyclonedx-cli.path>
         <services.bom.merge.skip>true</services.bom.merge.skip>
-        <lib.liquibase.version>4.25.0</lib.liquibase.version>
-        <lib.minio.version>8.5.8</lib.minio.version>
     </properties>
 
     <repositories>
@@ -145,31 +146,6 @@
         </repository>
     </repositories>
 
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>us.springett</groupId>
-                <artifactId>alpine-executable-war</artifactId>
-                <exclusions>
-                    <exclusion>
-                        <groupId>org.eclipse.jetty</groupId>
-                        <artifactId>jetty-webapp-logging</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <dependency>
-                <!--
-                  Managing snappy-java to fix GHSA-qcwq-55hx-v3vh, GHSA-fjpj-2g6w-x25r, and GHSA-pqr6-cmr2-h8hf.
-                  Snappy is introduced via kafka-clients; Once kafka-clients bumps its snappy-java version, we can remove this.
-                -->
-                <groupId>org.xerial.snappy</groupId>
-                <artifactId>snappy-java</artifactId>
-                <version>${lib.snappy-java.version}</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <dependencies>
         <!-- Alpine -->
         <dependency>
@@ -436,7 +412,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.25.0</version>
+            <version>${lib.commons-compress.version}</version>
         </dependency>
         <!-- Resilience4J -->
         <dependency>
@@ -500,7 +476,7 @@
         <dependency>
             <groupId>com.github.stefanbirkner</groupId>
             <artifactId>system-rules</artifactId>
-            <version>1.19.0</version>
+            <version>${lib.system-rules.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -602,25 +578,25 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
-                <version>3.3.1</version>
+                <version>${plugin.checkstyle.version}</version>
                 <configuration>
                     <configLocation>${project.basedir}/.checkstyle.xml</configLocation>
                     <includeResources>false</includeResources>
                     <includeTestResources>false</includeTestResources>
                 </configuration>
-                <!--                <executions>-->
-                <!--                    <execution>-->
-                <!--                        <phase>validate</phase>-->
-                <!--                        <goals>-->
-                <!--                            <goal>check</goal>-->
-                <!--                        </goals>-->
-                <!--                    </execution>-->
-                <!--                </executions>-->
+                <executions>
+                    <execution>
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
                 <dependencies>
                     <dependency>
                         <groupId>com.puppycrawl.tools</groupId>
                         <artifactId>checkstyle</artifactId>
-                        <version>10.12.5</version>
+                        <version>${lib.checkstyle.version}</version>
                     </dependency>
                 </dependencies>
             </plugin>

src/main/java/org/dependencytrack/integrations/kenna/KennaDataTransformer.java

@@ -25,7 +25,6 @@
 import org.dependencytrack.model.Severity;
 import org.dependencytrack.model.Tag;
 import org.dependencytrack.model.Vulnerability;
-import org.dependencytrack.parser.common.resolver.CweResolver;
 import org.dependencytrack.persistence.QueryManager;
 import org.dependencytrack.util.DateUtil;
 import org.json.JSONArray;

src/main/java/org/dependencytrack/model/MetaModel.java

@@ -20,7 +20,6 @@
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import org.dependencytrack.model.Component;
 
 import java.util.Date;
 

src/main/java/org/dependencytrack/model/VulnerableSoftware.java

@@ -18,14 +18,9 @@
  */
 package org.dependencytrack.model;
 
-import alpine.common.validation.RegexSequence;
-import alpine.server.json.TrimmedStringDeserializer;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
-import org.dependencytrack.resources.v1.serializers.Iso8601DateSerializer;
 
 import javax.jdo.annotations.Column;
 import javax.jdo.annotations.Element;
@@ -38,12 +33,8 @@
 import javax.jdo.annotations.Persistent;
 import javax.jdo.annotations.PrimaryKey;
 import javax.jdo.annotations.Unique;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
 import java.io.Serializable;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 import java.util.UUID;
 

src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java

@@ -33,7 +33,6 @@
 
 import javax.jdo.PersistenceManager;
 import javax.jdo.Query;
-import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;

src/main/java/org/dependencytrack/resources/v1/AccessControlResource.java

@@ -19,7 +19,6 @@
 package org.dependencytrack.resources.v1;
 
 import alpine.common.logging.Logger;
-import alpine.model.ConfigProperty;
 import alpine.model.Team;
 import alpine.persistence.PaginatedResult;
 import alpine.server.auth.PermissionRequired;
@@ -31,7 +30,6 @@
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.Authorization;
 import org.dependencytrack.auth.Permissions;
-import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.persistence.QueryManager;
 import org.dependencytrack.resources.v1.vo.AclMappingRequest;

src/main/java/org/dependencytrack/resources/v1/ConfigPropertyResource.java

@@ -19,7 +19,6 @@
 package org.dependencytrack.resources.v1;
 
 import alpine.model.ConfigProperty;
-import alpine.model.IConfigProperty;
 import alpine.server.auth.PermissionRequired;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;

src/main/java/org/dependencytrack/resources/v1/VexResource.java

@@ -34,7 +34,6 @@
 import org.cyclonedx.CycloneDxMediaType;
 import org.cyclonedx.exception.GeneratorException;
 import org.dependencytrack.auth.Permissions;
-import org.dependencytrack.event.BomUploadEvent;
 import org.dependencytrack.event.VexUploadEvent;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.parser.cyclonedx.CycloneDXExporter;

src/main/java/org/dependencytrack/tasks/InternalComponentIdentificationTask.java

@@ -40,9 +40,7 @@
 import java.time.Instant;
 import java.util.List;
 
-import static java.time.Duration.ZERO;
 import static org.dependencytrack.tasks.LockName.INTERNAL_COMPONENT_IDENTIFICATION_TASK_LOCK;
-import static org.dependencytrack.tasks.LockName.PORTFOLIO_METRICS_TASK_LOCK;
 import static org.dependencytrack.util.LockProvider.isLockToBeExtended;
 
 /**

src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java

@@ -26,12 +26,9 @@
 import org.dependencytrack.metrics.Metrics;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.WorkflowState;
-import org.dependencytrack.model.WorkflowStatus;
 import org.dependencytrack.persistence.QueryManager;
 
 import java.time.Duration;
-import java.time.Instant;
-import java.util.Date;
 
 import static org.dependencytrack.model.WorkflowStep.METRICS_UPDATE;
 

src/main/java/org/dependencytrack/tasks/vulnerabilitypolicy/blobstorage/S3StorageHandler.java

@@ -2,7 +2,6 @@
 
 import alpine.Config;
 import alpine.common.logging.Logger;
-import io.opencensus.metrics.LongGauge;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.io.IOUtils;