#58 Remove workaround for CVE-2020-8908 (#472)

doc/changes/changes_2.9.11.md

@@ -14,6 +14,10 @@ This adds three small improvements:
 
 * #470: Added three small improvements
 
+## Refactoring
+
+* #58: Removed workaround for CVE-2020-8908
+
 ## Dependency Updates
 
 ### Project-Keeper Shared Model Classes

maven-project-crawler/pom.xml

@@ -93,17 +93,6 @@
                 <artifactId>maven-plugin-plugin</artifactId>
                 <version>3.9.0</version>
             </plugin>
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-                <configuration>
-                    <excludeVulnerabilityIds>
-                        <!-- This issue is fixed in Maven 3.8.1. We need to wait until all developers have upgraded their Maven version.
-                             https://ossindex.sonatype.org/vulnerability/CVE-2021-26291 -->
-                        <exclude>CVE-2021-26291</exclude>
-                    </excludeVulnerabilityIds>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.basepom.maven</groupId>
                 <artifactId>duplicate-finder-maven-plugin</artifactId>

parent-pom/pom.xml

@@ -126,13 +126,6 @@
                 <groupId>org.apache.maven</groupId>
                 <artifactId>maven-core</artifactId>
                 <version>${maven.version}</version>
-                <exclusions>
-                    <!-- excluded since it introduces CVE-2020-8908 -->
-                    <exclusion>
-                        <groupId>com.google.guava</groupId>
-                        <artifactId>guava</artifactId>
-                    </exclusion>
-                </exclusions>
                 <scope>provided</scope>
             </dependency>
             <dependency>

pom.xml

@@ -71,18 +71,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-                <version>3.2.0</version>
-                <configuration>
-                    <excludeVulnerabilityIds>
-                        <!-- This issue is fixed in Maven 3.8.1. We need to wait until all developers have upgraded their Maven version.
-                             https://ossindex.sonatype.org/vulnerability/CVE-2021-26291 -->
-                        <exclude>CVE-2021-26291</exclude>
-                    </excludeVulnerabilityIds>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 </project>

project-keeper-maven-plugin/pom.xml

@@ -99,17 +99,6 @@
                     </archive>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-                <configuration>
-                    <excludeVulnerabilityIds>
-                        <!-- This issue is fixed in Maven 3.8.1. We need to wait until all developers have upgraded their Maven version.
-                             https://ossindex.sonatype.org/vulnerability/CVE-2021-26291 -->
-                        <exclude>CVE-2021-26291</exclude>
-                    </excludeVulnerabilityIds>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.basepom.maven</groupId>
                 <artifactId>duplicate-finder-maven-plugin</artifactId>