From d7f112e8e1b1125475b5bbc0c22fae75068fd507 Mon Sep 17 00:00:00 2001
From: Stephan Schroevers
Date: Thu, 14 Sep 2023 09:11:13 -0700
Subject: [PATCH] Upgrade java-diff-utils 4.0 -> 4.12

This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated.
Resolves #4081.
See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- https://github.com/java-diff-utils/java-diff-utils/compare/java-diff-utils-4.0...java-diff-utils-parent-4.12
Fixes #4085
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/error-prone/pull/4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e9063d4805d8bd85418921fc022357b8df0a3
PiperOrigin-RevId: 565386924
---
 check_api/pom.xml | 2 +-
 .../com/google/errorprone/apply/PatchFileDestination.java | 8 +-------
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/check_api/pom.xml b/check_api/pom.xml
index 3f28f8ce050..e026cb775ee 100644
--- a/check_api/pom.xml
+++ b/check_api/pom.xml
@@ -59,7 +59,7 @@
 io.github.java-diff-utils
 java-diff-utils
- 4.0
+ 4.12
diff --git a/check_api/src/main/java/com/google/errorprone/apply/PatchFileDestination.java b/check_api/src/main/java/com/google/errorprone/apply/PatchFileDestination.java
index 98b1a86bf9c..896cea59894 100644
--- a/check_api/src/main/java/com/google/errorprone/apply/PatchFileDestination.java
+++ b/check_api/src/main/java/com/google/errorprone/apply/PatchFileDestination.java
@@ -20,7 +20,6 @@
 import com.github.difflib.DiffUtils;
 import com.github.difflib.UnifiedDiffUtils;
-import com.github.difflib.algorithm.DiffException;
 import com.github.difflib.patch.Patch;
 import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
@@ -60,12 +59,7 @@ public void writeFile(SourceFile update) throws IOException {
 if (!oldSource.equals(newSource)) {
 List originalLines = LINE_SPLITTER.splitToList(oldSource);
- Patch diff = null;
- try {
- diff = DiffUtils.diff(originalLines, LINE_SPLITTER.splitToList(newSource));
- } catch (DiffException e) {
- throw new AssertionError("DiffUtils.diff should not fail", e);
- }
+ Patch diff = DiffUtils.diff(originalLines, LINE_SPLITTER.splitToList(newSource));
 String relativePath = baseDir.relativize(sourceFilePath).toString();
 List unifiedDiff = UnifiedDiffUtils.generateUnifiedDiff(relativePath, relativePath, originalLines, diff, 2);