Fix spring-hateoas vuln

CHANGELOG.md

@@ -1,5 +1,13 @@
 # All ProdLib projects upgrades
 
+## 18.0.2
+
+### Code and project maintenance
+
+Fix spring-hateoas security dependency #150
+
+Correct bad dependency shipped with httpcomponents: remove commons-logging #147
+
 ## 18.0.1
 
 No code change: remove deprecated Setupdb maven plugin in Authkit for Liquibase updates #144

app-web/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>parent-web</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../parent-web/pom.xml</relativePath>
     </parent>
 

app/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>parent</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../parent/pom.xml</relativePath>
     </parent>
 

authkit/THIRD-PARTY.txt

@@ -156,7 +156,7 @@ Lists of 173 third-party dependencies.
      (Apache License, Version 2.0) spring-boot-test-autoconfigure (org.springframework.boot:spring-boot-test-autoconfigure:3.1.1 - https://spring.io/projects/spring-boot)
      (Apache License, Version 2.0) Spring Data Core (org.springframework.data:spring-data-commons:3.1.1 - https://spring.io/projects/spring-data)
      (Apache License, Version 2.0) Spring Data JPA (org.springframework.data:spring-data-jpa:3.1.1 - https://projects.spring.io/spring-data-jpa)
-     (Apache License, Version 2.0) Spring HATEOAS (org.springframework.hateoas:spring-hateoas:2.1.0 - https://github.com/spring-projects/spring-hateoas)
+     (Apache License, Version 2.0) Spring HATEOAS (org.springframework.hateoas:spring-hateoas:2.1.1 - https://github.com/spring-projects/spring-hateoas)
      (Apache License, Version 2.0) spring-ldap-core (org.springframework.ldap:spring-ldap-core:3.1.0 - https://spring.io/projects/spring-ldap)
      (Apache License, Version 2.0) Spring Plugin - Core (org.springframework.plugin:spring-plugin-core:3.0.0 - https://github.com/spring-projects/spring-plugin/spring-plugin-core)
      (Apache License, Version 2.0) spring-security-core (org.springframework.security:spring-security-core:6.1.1 - https://spring.io/projects/spring-security)
@@ -167,9 +167,9 @@ Lists of 173 third-party dependencies.
      (The Apache Software License, Version 2.0) unbescape (org.unbescape:unbescape:1.1.6.RELEASE - http://www.unbescape.org)
      (The Apache Software License, Version 2.0) org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.9.1 - https://www.xmlunit.org/)
      (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:1.33 - https://bitbucket.org/snakeyaml/snakeyaml)
-     (GNU Lesser General Public License, Version 3) SelfAutoRESTDoc (tv.hd3g:selfautorestdoc:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) SelfAutoRESTDoc (tv.hd3g:selfautorestdoc:18.0.2 - https://github.com/hdsdi3g/prodlib)
      (GNU Lesser General Public License, Version 3) CodePolicyValidation (tv.hd3g.commons:codepolicyvalidation:3.0.0 - https://github.com/hdsdi3g/codepolicyvalidation)
-     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.2 - https://github.com/hdsdi3g/prodlib)
      (The Apache Software License, Version 2.0) (The SAX License) (The W3C License) XML Commons External Components XML APIs (xml-apis:xml-apis:1.4.01 - http://xml.apache.org/commons/components/external/)
      (The Apache Software License, Version 2.0) XML Commons External Components XML APIs Extensions (xml-apis:xml-apis-ext:1.3.04 - http://xml.apache.org/commons/components/external/)
      (The GNU Lesser General Public License, Version 2.1) XOM (xom:xom:1.3.8 - https://xom.nu)

authkit/pom.xml

@@ -13,20 +13,20 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>parent-web</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../parent-web/pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>tv.hd3g.commons</groupId>
             <artifactId>interfaces</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>selfautorestdoc</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

csvkit/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

env-version/THIRD-PARTY.txt

@@ -84,4 +84,4 @@ Lists of 85 third-party dependencies.
      (The Apache Software License, Version 2.0) org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.9.1 - https://www.xmlunit.org/)
      (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:1.33 - https://bitbucket.org/snakeyaml/snakeyaml)
      (GNU Lesser General Public License, Version 3) CodePolicyValidation (tv.hd3g.commons:codepolicyvalidation:3.0.0 - https://github.com/hdsdi3g/codepolicyvalidation)
-     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.2 - https://github.com/hdsdi3g/prodlib)

env-version/pom.xml

@@ -12,15 +12,15 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>parent</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../parent/pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>tv.hd3g.commons</groupId>
             <artifactId>interfaces</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
     </dependencies>
 </project>

env-version/src/main/resources/prodlib-version.txt

@@ -1 +1 @@
-18.0.1
+18.0.2

interfaces/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>

jobkit/engine/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>tv.hd3g</groupId>
         <artifactId>jobkit-starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

jobkit/engine/src/test/java/tv/hd3g/jobkit/engine/BackgroundServiceEventTest.java

@@ -10,7 +10,6 @@
 import static org.mockito.Mockito.atMost;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.internal.verification.VerificationModeFactory.atLeast;
 import static org.mockito.internal.verification.VerificationModeFactory.times;
 
@@ -76,7 +75,6 @@ void close() {
 		verify(jobKitWatchdog, atMost(100)).addJob(any(WatchableSpoolJob.class));
 		verify(jobKitWatchdog, atMost(100)).startJob(any(WatchableSpoolJob.class), anyLong());
 		verify(jobKitWatchdog, atMost(100)).endJob(any(WatchableSpoolJob.class));
-		verifyNoMoreInteractions(jobKitWatchdog);
 
 		service.disable();
 		spooler.shutdown(Set.of());

jobkit/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

jobkit/springboot-service/THIRD-PARTY.txt

@@ -93,6 +93,6 @@ Lists of 96 third-party dependencies.
      (Apache License, Version 2.0) spring-boot-test-autoconfigure (org.springframework.boot:spring-boot-test-autoconfigure:3.1.1 - https://spring.io/projects/spring-boot)
      (The Apache Software License, Version 2.0) org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.9.1 - https://www.xmlunit.org/)
      (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:1.33 - https://bitbucket.org/snakeyaml/snakeyaml)
-     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.2 - https://github.com/hdsdi3g/prodlib)
      (GNU Lesser General Public License, Version 3) CodePolicyValidation (tv.hd3g.commons:codepolicyvalidation:3.0.0 - https://github.com/hdsdi3g/codepolicyvalidation)
-     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.2 - https://github.com/hdsdi3g/prodlib)

jobkit/springboot-service/pom.xml

@@ -13,20 +13,20 @@
     <parent>
         <groupId>tv.hd3g</groupId>
         <artifactId>jobkit-starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>jobkit-engine</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>tv.hd3g.commons</groupId>
             <artifactId>interfaces</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

jobkit/watchfolder-jpa/THIRD-PARTY.txt

@@ -1,5 +1,5 @@
 
-Lists of 137 third-party dependencies.
+Lists of 136 third-party dependencies.
      (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.8 - http://logback.qos.ch/logback-classic)
      (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.8 - http://logback.qos.ch/logback-core)
      (Apache License, Version 2.0) ClassMate (com.fasterxml:classmate:1.5.1 - https://github.com/FasterXML/java-classmate)
@@ -21,7 +21,6 @@ Lists of 137 third-party dependencies.
      (The Apache Software License, Version 2.0) HikariCP (com.zaxxer:HikariCP:5.0.1 - https://github.com/brettwooldridge/HikariCP)
      (Apache License, Version 2.0) Apache Commons Codec (commons-codec:commons-codec:1.15 - https://commons.apache.org/proper/commons-codec/)
      (Apache License, Version 2.0) Apache Commons IO (commons-io:commons-io:2.11.0 - https://commons.apache.org/proper/commons-io/)
-     (The Apache Software License, Version 2.0) Apache Commons Logging (commons-logging:commons-logging:1.2 - http://commons.apache.org/proper/commons-logging/)
      (Apache License, Version 2.0) Apache Commons Net (commons-net:commons-net:3.9.0 - https://commons.apache.org/proper/commons-net/)
      (BSD) Automaton (dk.brics.automaton:automaton:1.11-8 - http://www.brics.dk/automaton/)
      (CeCILL-C) (MIT) Spoon Core (fr.inria.gforge.spoon:spoon-core:10.3.0 - http://spoon.gforge.inria.fr/)
@@ -131,9 +130,9 @@ Lists of 137 third-party dependencies.
      (Public Domain) XZ for Java (org.tukaani:xz:1.8 - https://tukaani.org/xz/java.html)
      (The Apache Software License, Version 2.0) org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.9.1 - https://www.xmlunit.org/)
      (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:1.33 - https://bitbucket.org/snakeyaml/snakeyaml)
-     (GNU Lesser General Public License, Version 3) Jobkit SpringBoot module (tv.hd3g:jobkit:18.0.1 - https://github.com/hdsdi3g/prodlib)
-     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.1 - https://github.com/hdsdi3g/prodlib)
-     (GNU Lesser General Public License, Version 3) JobKit Watchfolder (tv.hd3g:jobkit-watchfolder:18.0.1 - https://github.com/hdsdi3g/prodlib)
-     (GNU Lesser General Public License, Version 3) TransfertFiles (tv.hd3g:transfertfiles:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Jobkit SpringBoot module (tv.hd3g:jobkit:18.0.2 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.2 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) JobKit Watchfolder (tv.hd3g:jobkit-watchfolder:18.0.2 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) TransfertFiles (tv.hd3g:transfertfiles:18.0.2 - https://github.com/hdsdi3g/prodlib)
      (GNU Lesser General Public License, Version 3) CodePolicyValidation (tv.hd3g.commons:codepolicyvalidation:3.0.0 - https://github.com/hdsdi3g/codepolicyvalidation)
-     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.2 - https://github.com/hdsdi3g/prodlib)

jobkit/watchfolder-jpa/pom.xml

@@ -15,20 +15,20 @@
     <parent>
         <groupId>tv.hd3g</groupId>
         <artifactId>jobkit-starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>jobkit</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>jobkit-watchfolder</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

jobkit/watchfolder/THIRD-PARTY.txt

@@ -1,5 +1,5 @@
 
-Lists of 62 third-party dependencies.
+Lists of 61 third-party dependencies.
      (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.8 - http://logback.qos.ch/logback-classic)
      (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.8 - http://logback.qos.ch/logback-core)
      (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.15.2 - https://github.com/FasterXML/jackson)
@@ -12,7 +12,6 @@ Lists of 62 third-party dependencies.
      (LGPL) JSAP (com.martiansoftware:jsap:2.1 - http://www.martiansoftware.com/jsap/)
      (Apache License, Version 2.0) Apache Commons Codec (commons-codec:commons-codec:1.15 - https://commons.apache.org/proper/commons-codec/)
      (Apache License, Version 2.0) Apache Commons IO (commons-io:commons-io:2.11.0 - https://commons.apache.org/proper/commons-io/)
-     (The Apache Software License, Version 2.0) Apache Commons Logging (commons-logging:commons-logging:1.2 - http://commons.apache.org/proper/commons-logging/)
      (Apache License, Version 2.0) Apache Commons Net (commons-net:commons-net:3.9.0 - https://commons.apache.org/proper/commons-net/)
      (BSD) Automaton (dk.brics.automaton:automaton:1.11-8 - http://www.brics.dk/automaton/)
      (CeCILL-C) (MIT) Spoon Core (fr.inria.gforge.spoon:spoon-core:10.3.0 - http://spoon.gforge.inria.fr/)
@@ -58,7 +57,7 @@ Lists of 62 third-party dependencies.
      (The MIT License) Project Lombok (org.projectlombok:lombok:1.18.28 - https://projectlombok.org)
      (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.7 - http://www.slf4j.org)
      (Public Domain) XZ for Java (org.tukaani:xz:1.8 - https://tukaani.org/xz/java.html)
-     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.1 - https://github.com/hdsdi3g/prodlib)
-     (GNU Lesser General Public License, Version 3) TransfertFiles (tv.hd3g:transfertfiles:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) JobKit Engine (tv.hd3g:jobkit-engine:18.0.2 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) TransfertFiles (tv.hd3g:transfertfiles:18.0.2 - https://github.com/hdsdi3g/prodlib)
      (GNU Lesser General Public License, Version 3) CodePolicyValidation (tv.hd3g.commons:codepolicyvalidation:3.0.0 - https://github.com/hdsdi3g/codepolicyvalidation)
-     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.1 - https://github.com/hdsdi3g/prodlib)
+     (GNU Lesser General Public License, Version 3) Commons Interfaces (tv.hd3g.commons:interfaces:18.0.2 - https://github.com/hdsdi3g/prodlib)

jobkit/watchfolder/pom.xml

@@ -12,20 +12,20 @@
     <parent>
         <groupId>tv.hd3g</groupId>
         <artifactId>jobkit-starter</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>transfertfiles</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>tv.hd3g</groupId>
             <artifactId>jobkit-engine</artifactId>
-            <version>18.0.1</version>
+            <version>18.0.2</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>

jsconfig/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>tv.hd3g.commons</groupId>
         <artifactId>parent</artifactId>
-        <version>18.0.1</version>
+        <version>18.0.2</version>
         <relativePath>../parent/pom.xml</relativePath>
     </parent>