From ecc6e2e0b67183959ad9c767514aa65a077585f0 Mon Sep 17 00:00:00 2001
From: Hans Aikema <aikebah-github@aikebah.net>
Date: Sat, 7 Sep 2024 13:24:04 +0200
Subject: [PATCH] build: Switch from JMockit to Mockito & build target to Java
 11 (#6922)

---
 .github/workflows/build.yml                   |   6 +-
 .github/workflows/coverity.yml                |   6 +-
 .github/workflows/pull_requests.yml           |  12 +-
 .github/workflows/release.yml                 |   6 +-
 README.md                                     |   7 +-
 ant/pom.xml                                   |   2 +-
 archetype/pom.xml                             |   2 +-
 cli/pom.xml                                   |   2 +-
 core/pom.xml                                  |   2 +-
 .../dependencycheck/AnalysisTaskTest.java     |  54 +++----
 .../org/owasp/dependencycheck/EngineIT.java   |  63 ++++----
 .../analyzer/CentralAnalyzerTest.java         |   4 -
 .../DependencyBundlingAnalyzerTest.java       |  20 +--
 .../data/update/EngineVersionCheckTest.java   |  43 ++----
 maven/pom.xml                                 |   7 +-
 .../maven/BaseDependencyCheckMojoTest.java    | 136 ++----------------
 pom.xml                                       |  33 ++---
 utils/pom.xml                                 |   2 +-
 18 files changed, 133 insertions(+), 274 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 41aeb53d201..c4fa8a5e5d2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,11 +46,11 @@ jobs:
       - uses: actions/setup-dotnet@v4.0.1
         with:
           dotnet-version: '8.0.x'
-      - name: Set up JDK 1.8
-        id: jdk-8
+      - name: Set up JDK 11
+        id: jdk-11
         uses: actions/setup-java@v4
         with:
-          java-version: 8
+          java-version: 11
           distribution: 'zulu'
           server-id: ossrh
           server-username: ${{ secrets.OSSRH_USERNAME }}
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 4445cee1685..a573f1fc56e 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 1.8
-        id: jdk-8
+      - name: Set up JDK 11
+        id: jdk-11
         uses: actions/setup-java@v4
         with:
-          java-version: 8
+          java-version: 11
           distribution: 'zulu'
       - name: Get coverity cli
         run: |
diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml
index 2be06d7798e..377d2428a8a 100644
--- a/.github/workflows/pull_requests.yml
+++ b/.github/workflows/pull_requests.yml
@@ -25,11 +25,11 @@ jobs:
       - uses: actions/setup-dotnet@v4.0.1
         with:
           dotnet-version: '8.0.x'
-      - name: Set up JDK 1.8
-        id: jdk-8
+      - name: Set up JDK 11
+        id: jdk-11
         uses: actions/setup-java@v4
         with:
-          java-version: 8
+          java-version: 11
           distribution: 'zulu'
       - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
         with:
@@ -62,11 +62,11 @@ jobs:
       - uses: actions/setup-dotnet@v4.0.1
         with:
           dotnet-version: '8.0.x'
-      - name: Set up JDK 1.8
-        id: jdk-8
+      - name: Set up JDK 11
+        id: jdk-11
         uses: actions/setup-java@v4
         with:
-          java-version: 8
+          java-version: 11
           distribution: 'zulu'
       - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0061a973ffc..b0ab981ed00 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,11 +48,11 @@ jobs:
       - uses: actions/setup-dotnet@v4.0.1
         with:
           dotnet-version: '8.0.x'
-      - name: Set up JDK 1.8
-        id: jdk-8
+      - name: Set up JDK 11
+        id: jdk-11
         uses: actions/setup-java@v4
         with:
-          java-version: 8
+          java-version: 11
           distribution: 'zulu'
           server-id: ossrh
           server-username: ${{ secrets.OSSRH_USERNAME }}
diff --git a/README.md b/README.md
index e8047478996..96f63074b74 100644
--- a/README.md
+++ b/README.md
@@ -71,10 +71,7 @@ dependencies {
 
 ### Java Version
 
-Minimum Java Version: Java 8 update 251
-
-While dependency-check 9.0.0 and higher will still run on Java 8 - the update version
-must be higher then 251.
+Minimum Java Version: Java 11
 
 ### Internet Access
 
@@ -318,7 +315,7 @@ docker run --rm ^
 Building From Source
 --------------------
 
-To build dependency-check (using Java 8) run the command:
+To build dependency-check (using Java 11) run the command:
 
 ```
 mvn -s settings.xml install
diff --git a/ant/pom.xml b/ant/pom.xml
index 34dca5994da..7d496651d73 100644
--- a/ant/pom.xml
+++ b/ant/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-ant</artifactId>
diff --git a/archetype/pom.xml b/archetype/pom.xml
index a64ae7a86db..3ebbce25082 100644
--- a/archetype/pom.xml
+++ b/archetype/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
     </parent>
     <artifactId>dependency-check-plugin</artifactId>
     <name>Dependency-Check Plugin Archetype</name>
diff --git a/cli/pom.xml b/cli/pom.xml
index d1a4be78da1..346613aa308 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-cli</artifactId>
diff --git a/core/pom.xml b/core/pom.xml
index 1d214dcb2f1..d65536225c1 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-core</artifactId>
diff --git a/core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java b/core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
index 578bd53c150..50c51ccfeb5 100644
--- a/core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/AnalysisTaskTest.java
@@ -1,9 +1,9 @@
 package org.owasp.dependencycheck;
 
-import mockit.Expectations;
-import mockit.Mocked;
-import mockit.Verifications;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
 import org.owasp.dependencycheck.analyzer.HintAnalyzer;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -12,16 +12,20 @@
 
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.times;
 
+@RunWith(MockitoJUnitRunner.class)
 public class AnalysisTaskTest extends BaseTest {
 
-    @Mocked
+    @Mock
     private FileTypeAnalyzer fileTypeAnalyzer;
 
-    @Mocked
+    @Mock
     private Dependency dependency;
 
-    @Mocked
+    @Mock
     private Engine engine;
 
 
@@ -35,13 +39,8 @@ public void shouldAnalyzeReturnsTrueForNonFileTypeAnalyzers() {
     @Test
     public void shouldAnalyzeReturnsTrueIfTheFileTypeAnalyzersAcceptsTheDependency() {
         final File dependencyFile = new File("");
-        new Expectations() {{
-            dependency.getActualFile();
-            result = dependencyFile;
-
-            fileTypeAnalyzer.accept(dependencyFile);
-            result = true;
-        }};
+        when(dependency.getActualFile()).thenReturn(dependencyFile);
+        when(fileTypeAnalyzer.accept(dependencyFile)).thenReturn(true);
 
         AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, null, null);
 
@@ -52,13 +51,8 @@ public void shouldAnalyzeReturnsTrueIfTheFileTypeAnalyzersAcceptsTheDependency()
     @Test
     public void shouldAnalyzeReturnsFalseIfTheFileTypeAnalyzerDoesNotAcceptTheDependency() {
         final File dependencyFile = new File("");
-        new Expectations() {{
-            dependency.getActualFile();
-            result = dependencyFile;
-
-            fileTypeAnalyzer.accept(dependencyFile);
-            result = false;
-        }};
+        when(dependency.getActualFile()).thenReturn(dependencyFile);
+        when(fileTypeAnalyzer.accept(dependencyFile)).thenReturn(false);
 
         AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, null, null);
 
@@ -69,32 +63,20 @@ public void shouldAnalyzeReturnsFalseIfTheFileTypeAnalyzerDoesNotAcceptTheDepend
     @Test
     public void taskAnalyzes() throws Exception {
         final AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, engine, null);
-        new Expectations(analysisTask) {{
-            analysisTask.shouldAnalyze();
-            result = true;
-        }};
+        when(fileTypeAnalyzer.accept(dependency.getActualFile())).thenReturn(true);
 
         analysisTask.call();
 
-        new Verifications() {{
-            fileTypeAnalyzer.analyze(dependency, engine);
-            times = 1;
-        }};
+        verify(fileTypeAnalyzer, times(1)).analyze(dependency, engine);
     }
 
     @Test
     public void taskDoesNothingIfItShouldNotAnalyze() throws Exception {
         final AnalysisTask analysisTask = new AnalysisTask(fileTypeAnalyzer, dependency, engine, null);
-        new Expectations(analysisTask) {{
-            analysisTask.shouldAnalyze();
-            result = false;
-        }};
+        when(fileTypeAnalyzer.accept(dependency.getActualFile())).thenReturn(false);
 
         analysisTask.call();
 
-        new Verifications() {{
-            fileTypeAnalyzer.analyze(dependency, engine);
-            times = 0;
-        }};
+        verify(fileTypeAnalyzer, times(0)).analyze(dependency, engine);
     }
 }
diff --git a/core/src/test/java/org/owasp/dependencycheck/EngineIT.java b/core/src/test/java/org/owasp/dependencycheck/EngineIT.java
index 9a960b0906b..c4a4e31ee5b 100644
--- a/core/src/test/java/org/owasp/dependencycheck/EngineIT.java
+++ b/core/src/test/java/org/owasp/dependencycheck/EngineIT.java
@@ -25,11 +25,19 @@
 import java.util.Set;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
-import mockit.Expectations;
-import mockit.Mocked;
+
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
 
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
 import org.owasp.dependencycheck.exception.ReportException;
@@ -41,42 +49,40 @@
  *
  * @author Jeremy Long
  */
+@RunWith(MockitoJUnitRunner.class)
 public class EngineIT extends BaseDBTestCase {
 
-    @Mocked
+    @Mock
     private Analyzer analyzer;
 
-    @Mocked
+    @Mock
     private AnalysisTask analysisTask;
 
-    @Test(expected = ExceptionCollection.class)
+
+    @Test
     public void exceptionDuringAnalysisTaskExecutionIsFatal() throws DatabaseException, ExceptionCollection {
+         final ExecutorService executorService = Executors.newFixedThreadPool(3);
+         try (Engine instance = spy(new Engine(new Settings()))) {
+             final List<Throwable> exceptions = new ArrayList<>();
 
-        try (Engine instance = new Engine(getSettings())) {
-            final ExecutorService executorService = Executors.newFixedThreadPool(3);
-            final List<Throwable> exceptions = new ArrayList<>();
+             doThrow(new IllegalStateException("Analysis task execution threw an exception")).when(analysisTask).call();
 
-            new Expectations() {
-                {
-                    analysisTask.call();
-                    result = new IllegalStateException("Analysis task execution threw an exception");
-                }
-            };
+             final List<AnalysisTask> failingAnalysisTask = new ArrayList<>();
+             failingAnalysisTask.add(analysisTask);
 
-            final List<AnalysisTask> failingAnalysisTask = new ArrayList<>();
-            failingAnalysisTask.add(analysisTask);
+             when(analyzer.supportsParallelProcessing()).thenReturn(true);
+             when(instance.getExecutorService(analyzer)).thenReturn(executorService);
+             doReturn(failingAnalysisTask).when(instance).getAnalysisTasks(analyzer, exceptions);
 
-            new Expectations(instance) {
-                {
-                    instance.getExecutorService(analyzer);
-                    result = executorService;
-                    instance.getAnalysisTasks(analyzer, exceptions);
-                    result = failingAnalysisTask;
-                }
-            };
-            instance.executeAnalysisTasks(analyzer, exceptions);
-            assertTrue(executorService.isShutdown());
-        }
+             instance.executeAnalysisTasks(analyzer, exceptions);
+             fail("ExceptionCollection exception was expected");
+         } catch (ExceptionCollection expected) {
+             List<Throwable> collected = expected.getExceptions();
+             assertEquals(1, collected.size());
+             assertEquals(java.util.concurrent.ExecutionException.class, collected.get(0).getClass());
+             assertEquals("java.lang.IllegalStateException: Analysis task execution threw an exception", collected.get(0).getMessage());
+             assertTrue(executorService.isShutdown());
+         }
     }
 
     /**
@@ -111,6 +117,9 @@ public void testEngine() throws IOException, InvalidSettingException, DatabaseEx
                 allowedMessages.add("AssemblyAnalyzer");
                 allowedMessages.add("Failed to request component-reports");
                 allowedMessages.add("ailed to read results from the NPM Audit API");
+                allowedMessages.add("../tmp/evil.txt");
+                allowedMessages.add("malformed input off : 5, length : 1");
+                allowedMessages.add("Python `pyproject.toml` found and there is not a `poetry.lock` or `requirements.txt`");
                 for (Throwable t : ex.getExceptions()) {
                     boolean isOk = false;
                     if (t.getMessage() != null) {
diff --git a/core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java b/core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java
index 22d8fa7c1a4..fb17c03ea2f 100644
--- a/core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java
@@ -17,10 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import mockit.Expectations;
-import mockit.Mock;
-import mockit.MockUp;
-import mockit.Mocked;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
diff --git a/core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java b/core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
index 45b6589f2bb..5aad595e7a4 100644
--- a/core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java
@@ -19,9 +19,11 @@
 
 import com.github.packageurl.MalformedPackageURLException;
 import java.io.File;
-import mockit.Mocked;
-import mockit.Verifications;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -29,15 +31,19 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
 
 /**
  * @author Jeremy Long
  */
+@RunWith(MockitoJUnitRunner.class)
 public class DependencyBundlingAnalyzerTest extends BaseTest {
 
-    @Mocked
+    @Mock(answer = Answers.RETURNS_SMART_NULLS)
     private Engine engineMock;
 
     /**
@@ -80,13 +86,7 @@ public void testAnalyze() throws Exception {
         instance.analyze(null, engineMock);
         instance.analyze(null, engineMock);
         assertTrue(instance.getAnalyzed());
-
-        new Verifications() {
-            {
-                engineMock.getDependencies();
-                times = 1;
-            }
-        };
+        verify(engineMock, times(1)).getDependencies();
     }
 
     /**
diff --git a/core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java b/core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
index a615d23fa86..10be1c564cf 100644
--- a/core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/data/update/EngineVersionCheckTest.java
@@ -15,34 +15,38 @@
  */
 package org.owasp.dependencycheck.data.update;
 
-import java.time.*;
+import java.time.LocalDate;
+import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
 import java.time.temporal.TemporalAccessor;
-import java.util.Properties;
-
-import mockit.Injectable;
-import mockit.Mock;
-import mockit.MockUp;
-import mockit.Tested;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doAnswer;
 
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.owasp.dependencycheck.BaseTest;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
-import org.owasp.dependencycheck.data.update.exception.UpdateException;
 import org.owasp.dependencycheck.utils.DependencyVersion;
 
 /**
  * @author Jeremy Long
  */
+@RunWith(MockitoJUnitRunner.class)
 public class EngineVersionCheckTest extends BaseTest {
 
-    @Injectable
+    @Mock
     private CveDB cveDb;
-    @Tested
+
+    @InjectMocks
+    @Spy
     private DatabaseProperties dbProperties;
 
     /**
@@ -50,24 +54,8 @@ public class EngineVersionCheckTest extends BaseTest {
      */
     @Test
     public void testShouldUpdate() throws Exception {
-        new MockUp<DatabaseProperties>() {
-            private final Properties properties = new Properties();
-
-            @Mock
-            public void $init(CveDB db) {
-                //empty
-            }
-
-            @Mock
-            public void save(String key, String value) throws UpdateException {
-                properties.setProperty(key, value);
-            }
 
-            @Mock
-            public String getProperty(String key) {
-                return properties.getProperty(key);
-            }
-        };
+        doAnswer(invocation -> null).when(dbProperties).save(anyString(), anyString());
 
         String updateToVersion = "1.2.6";
         String currentVersion = "1.2.6";
@@ -89,7 +77,6 @@ public String getProperty(String key) {
         instance.setUpdateToVersion(updateToVersion);
         result = instance.shouldUpdate(lastChecked, now, dbProperties, currentVersion);
         assertEquals(expResult, result);
-        //System.out.println(properties.getProperty(CURRENT_ENGINE_RELEASE));
 
         updateToVersion = "1.2.5";
         currentVersion = "1.2.5";
diff --git a/maven/pom.xml b/maven/pom.xml
index e2ec1d8397c..cce40b9a326 100644
--- a/maven/pom.xml
+++ b/maven/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
     </parent>
     <artifactId>dependency-check-maven</artifactId>
     <packaging>maven-plugin</packaging>
@@ -107,6 +107,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-jcs3-core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>io.github.jeremylong</groupId>
             <artifactId>jcs3-slf4j</artifactId>
diff --git a/maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java b/maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
index 99826ca13db..13f47677ce9 100644
--- a/maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
+++ b/maven/src/test/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojoTest.java
@@ -18,127 +18,39 @@
 package org.owasp.dependencycheck.maven;
 
 import java.io.File;
-import java.net.URISyntaxException;
-import java.util.HashSet;
 import java.util.Locale;
-import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import mockit.Mock;
-import mockit.MockUp;
-import mockit.Tested;
-import org.apache.maven.artifact.Artifact;
+
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
-import org.apache.maven.plugin.testing.stubs.ArtifactStub;
 import org.apache.maven.project.MavenProject;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import org.junit.Assume;
+import static org.mockito.Mockito.doReturn;
+
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.owasp.dependencycheck.Engine;
-import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.exception.ExceptionCollection;
-import org.owasp.dependencycheck.utils.InvalidSettingException;
-import org.owasp.dependencycheck.utils.Settings;
 
 /**
  *
  * @author Jeremy Long
  */
+@RunWith(MockitoJUnitRunner.class)
 public class BaseDependencyCheckMojoTest extends BaseTest {
 
-    @Tested
+    @Spy
     MavenProject project;
 
-    /**
-     * Checks if the test can be run. The test in this class fail, presumable
-     * due to jmockit, if the JDK is 1.8+.
-     *
-     * @return true if the JDK is below 1.8.
-     */
-    public boolean canRun() {
-        String version = System.getProperty("java.version");
-        int firstDot = version.indexOf('.');
-        if (firstDot < 0) {
-            // new java.version format, so Java 9 or above
-            return false;
-        }
-        int secondDot = version.indexOf('.', firstDot+1);
-        if (secondDot < 0) {
-            // new java.version format, so Java 9 or above
-            return false;
-        }
-        version = version.substring(0, secondDot);
-
-        double v = Double.parseDouble(version);
-        return v == 1.7;
-    }
-
-    /**
-     * Test of scanArtifacts method, of class BaseDependencyCheckMojo.
-     */
-    @Test
-    public void testScanArtifacts() throws DatabaseException, InvalidSettingException {
-        new MockUp<MavenProject>() {
-            @Mock
-            public Set<Artifact> getArtifacts() {
-                Set<Artifact> artifacts = new HashSet<>();
-                Artifact a = new ArtifactStub();
-                try {
-                    File file = new File(Test.class.getProtectionDomain().getCodeSource().getLocation().toURI());
-                    a.setFile(file);
-                    artifacts.add(a);
-                } catch (URISyntaxException ex) {
-                    Logger.getLogger(BaseDependencyCheckMojoTest.class.getName()).log(Level.SEVERE, null, ex);
-                }
-                //File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath());
-
-                return artifacts;
-            }
-
-            @SuppressWarnings("SameReturnValue")
-            @Mock
-            public String getName() {
-                return "test-project";
-            }
-        };
-
-        if (canRun()) {
-            boolean autoUpdate = getSettings().getBoolean(Settings.KEYS.AUTO_UPDATE);
-            getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, false);
-            try (Engine engine = new Engine(getSettings())) {
-                getSettings().setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
-
-                assertTrue(engine.getDependencies().length == 0);
-                BaseDependencyCheckMojoImpl instance = new BaseDependencyCheckMojoImpl();
-                ExceptionCollection exCol = null;
-                try { //the mock above fails under some JDKs
-                    exCol = instance.scanArtifacts(project, engine);
-                } catch (NullPointerException ex) {
-                    Assume.assumeNoException(ex);
-                }
-                assertNull(exCol);
-                assertFalse(engine.getDependencies().length == 0);
-            }
-        }
-    }
-
     @Test
     public void should_newDependency_get_pom_from_base_dir() {
         // Given
         BaseDependencyCheckMojo instance = new BaseDependencyCheckMojoImpl();
 
-        new MockUp<MavenProject>() {
-            @Mock
-            public File getBasedir() {
-                return new File("src/test/resources/maven_project_base_dir");
-            }
-        };
+        doReturn(new File("src/test/resources/maven_project_base_dir")).when(project).getBasedir();
 
         String expectOutput = "pom.xml";
 
@@ -154,17 +66,8 @@ public void should_newDependency_get_default_virtual_dependency() {
         // Given
         BaseDependencyCheckMojo instance = new BaseDependencyCheckMojoImpl();
 
-        new MockUp<MavenProject>() {
-            @Mock
-            public File getBasedir() {
-                return new File("src/test/resources/dir_without_pom");
-            }
-
-            @Mock
-            public File getFile() {
-                return new File("src/test/resources/dir_without_pom");
-            }
-        };
+        doReturn(new File("src/test/resources/dir_without_pom")).when(project).getBasedir();
+        doReturn(new File("src/test/resources/dir_without_pom")).when(project).getFile();
 
         // When
         String output = instance.newDependency(project).getFileName();
@@ -178,17 +81,8 @@ public void should_newDependency_get_pom_declared_as_module() {
         // Given
         BaseDependencyCheckMojo instance = new BaseDependencyCheckMojoImpl();
 
-        new MockUp<MavenProject>() {
-            @Mock
-            public File getBasedir() {
-                return new File("src/test/resources/dir_containing_maven_poms_declared_as_modules_in_another_pom");
-            }
-
-            @Mock
-            public File getFile() {
-                return new File("src/test/resources/dir_containing_maven_poms_declared_as_modules_in_another_pom/serverlibs.pom");
-            }
-        };
+        doReturn(new File("src/test/resources/dir_containing_maven_poms_declared_as_modules_in_another_pom")).when(project).getBasedir();
+        doReturn(new File("src/test/resources/dir_containing_maven_poms_declared_as_modules_in_another_pom/serverlibs.pom")).when(project).getFile();
 
         String expectOutput = "serverlibs.pom";
 
@@ -211,12 +105,12 @@ protected void runCheck() throws MojoExecutionException, MojoFailureException {
 
         @Override
         public String getName(Locale locale) {
-            return "test implementation";
+            throw new UnsupportedOperationException("Operation not supported");
         }
 
         @Override
         public String getDescription(Locale locale) {
-            return "test implementation";
+            throw new UnsupportedOperationException("Operation not supported");
         }
 
         @Override
diff --git a/pom.xml b/pom.xml
index 52037a34a94..bfcbe2a5686 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
 
     <groupId>org.owasp</groupId>
     <artifactId>dependency-check-parent</artifactId>
-    <version>10.0.5-SNAPSHOT</version>
+    <version>11.0.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <modules>
@@ -111,6 +111,7 @@ Copyright (c) 2012 - Jeremy Long
         </license>
     </licenses>
     <properties>
+        <maven.compiler.release>11</maven.compiler.release>
         <!--reproducible build-->
         <project.build.outputTimestamp>2024-09-01T11:39:49Z</project.build.outputTimestamp>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -153,8 +154,7 @@ Copyright (c) 2012 - Jeremy Long
         <aho-corasick-double-array-trie.version>1.2.3</aho-corasick-double-array-trie.version>
         <junit.version>4.13.2</junit.version>
         <hamcrest.version>2.2</hamcrest.version>
-        <jmockit.version>1.49</jmockit.version>
-        <mockito-core.version>4.11.0</mockito-core.version>
+        <mockito-core.version>5.12.0</mockito-core.version>
         <jsoup.version>1.17.2</jsoup.version>
         <commons-compress.version>1.27.0</commons-compress.version>
         <org.apache.maven.shared.file-management.version>3.1.0</org.apache.maven.shared.file-management.version>
@@ -440,9 +440,7 @@ Copyright (c) 2012 - Jeremy Long
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <forceJavacCompilerUse>true</forceJavacCompilerUse>
                     <showDeprecation>true</showDeprecation>
-                    <release>8</release>
                     <compilerArgs>
                         <arg>-Xlint</arg>
                     </compilerArgs>
@@ -521,7 +519,6 @@ Copyright (c) 2012 - Jeremy Long
                     <sourceFileExcludes>
                         <exclude>**/generated-sources/**/*.java</exclude>
                     </sourceFileExcludes>
-                    <source>8</source>
                     <detectJavaApiLink>false</detectJavaApiLink>
                 </configuration>
             </plugin>
@@ -555,7 +552,7 @@ Copyright (c) 2012 - Jeremy Long
                         <configuration>
                             <rules>
                                 <byteCodeRule implementation="org.owasp.maven.enforcer.rule.ClassFileFormatRule">
-                                    <supportedClassFileFormat>52</supportedClassFileFormat>
+                                    <supportedClassFileFormat>55</supportedClassFileFormat>
                                 </byteCodeRule>
                             </rules>
                         </configuration>
@@ -654,7 +651,7 @@ Copyright (c) 2012 - Jeremy Long
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
-                    <argLine>@{surefireArgLine} -Dfile.encoding=UTF-8 -javaagent:${settings.localRepository}/org/jmockit/jmockit/${jmockit.version}/jmockit-${jmockit.version}.jar</argLine>
+                    <argLine>@{surefireArgLine} -Dfile.encoding=UTF-8</argLine>
                     <systemPropertyVariables>
                         <data.directory>${project.build.directory}/data</data.directory>
                         <temp.directory>${project.build.directory}/temp</temp.directory>
@@ -666,7 +663,7 @@ Copyright (c) 2012 - Jeremy Long
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-failsafe-plugin</artifactId>
                 <configuration>
-                    <argLine>@{failsafeArgLine} -javaagent:${settings.localRepository}/org/jmockit/jmockit/${jmockit.version}/jmockit-${jmockit.version}.jar</argLine>
+                    <argLine>@{failsafeArgLine}</argLine>
                     <systemPropertyVariables>
                         <data.directory>${project.build.directory}/data</data.directory>
                         <temp.directory>${project.build.directory}/temp</temp.directory>
@@ -846,7 +843,6 @@ Copyright (c) 2012 - Jeremy Long
                             <sourceFileExcludes>
                                 <exclude>**/generated-sources/**/*.java</exclude>
                             </sourceFileExcludes>
-                            <source>8</source>
                             <detectJavaApiLink>false</detectJavaApiLink>
                         </configuration>
                     </reportSet>
@@ -990,12 +986,6 @@ Copyright (c) 2012 - Jeremy Long
                 <version>5.15.0</version>
                 <scope>test</scope>
             </dependency>
-            <dependency>
-                <groupId>org.jmockit</groupId>
-                <artifactId>jmockit</artifactId>
-                <version>${jmockit.version}</version>
-                <scope>test</scope>
-            </dependency>
             <dependency>
                 <groupId>org.mockito</groupId>
                 <artifactId>mockito-core</artifactId>
@@ -1075,9 +1065,13 @@ Copyright (c) 2012 - Jeremy Long
                 <version>4.0.1</version>
             </dependency>
             <dependency>
+                <!--
+                    https://github.com/codehaus-plexus/plexus-utils/blob/master/README.md
+                    for Maven 3 compatibility plexus-xml should be at version 3.x
+                    -->
                 <groupId>org.codehaus.plexus</groupId>
                 <artifactId>plexus-xml</artifactId>
-                <version>4.0.4</version>
+                <version>3.0.1</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
@@ -1352,11 +1346,6 @@ Copyright (c) 2012 - Jeremy Long
             <artifactId>hamcrest</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jmockit</groupId>
-            <artifactId>jmockit</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.jetbrains</groupId>
             <artifactId>annotations</artifactId>
diff --git a/utils/pom.xml b/utils/pom.xml
index 29bb9f87aa0..d20ddf2bf4b 100644
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.5-SNAPSHOT</version>
+        <version>11.0.0-SNAPSHOT</version>
    </parent>
 
     <artifactId>dependency-check-utils</artifactId>