Merge pull request #54 from netceteragroup/53-upgrade-to-spring-boot-310

[#53] Update spring-boot to 3.1.0 and dependencies

girders-demos/pom.xml

@@ -29,7 +29,7 @@
     <!-- version properties -->
     <bootstrap.version>4.6.2</bootstrap.version>
     <girders.version>6.0.1-SNAPSHOT</girders.version>
-    <jquery.version>3.6.1</jquery.version>
+    <jquery.version>3.6.4</jquery.version>
     <jquery-cookie.version>1.4.1-1</jquery-cookie.version>
     <webjars-locator.version>0.46</webjars-locator.version>
 

girders-parent/pom.xml

@@ -21,7 +21,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
     <!-- plugin versions -->
-    <checkstyle.version>10.3</checkstyle.version>
+    <checkstyle.version>10.11.0</checkstyle.version>
     <git-commit-id-plugin.version>4.9.10</git-commit-id-plugin.version>
     <owasp-cvss-limit>7.0</owasp-cvss-limit>
   </properties>

girders-platform-bom/pom.xml

@@ -32,27 +32,23 @@
           known security issues; you can remove this version and the dependency declaration where it's used once all
           our dependencies have migrated to a version of commons-compress that has no security issues -->
     <commons-compress.version>1.21</commons-compress.version>
-    <commons-io.version>2.11.0</commons-io.version>
+    <commons-io.version>2.12.0</commons-io.version>
     <commons-jexl.version>1.1</commons-jexl.version>
     <dbunit.version>2.7.3</dbunit.version>
     <fontbox.version>2.0.26</fontbox.version>
-    <fop.version>2.7</fop.version>
-    <!-- NOTE vmeier 2020-06-12: The "fop" dependency contains "ant" 1.8.2 which has CVE-2020-1945.
-       Excluded "ant" from "fop" and defined explicit dependency with "ant" > 1.8.2 .
-       Remove when upgrading "fop" to newer version! -->
-    <ant.version>1.10.12</ant.version>
+    <fop.version>2.8</fop.version>
     <guava.version>31.1-jre</guava.version>
     <jasypt-spring-boot.version>3.0.2</jasypt-spring-boot.version>
     <jperf.version>1.0.3</jperf.version>
     <pdfbox.version>2.0.26</pdfbox.version>
-    <poi.version>5.2.2</poi.version>
-    <spring-boot.version>3.0.4</spring-boot.version>
-    <spring-boot-admin.version>3.0.0</spring-boot-admin.version>
-    <spring-cloud.version>2022.0.0</spring-cloud.version>
+    <poi.version>5.2.3</poi.version>
+    <spring-boot.version>3.1.0</spring-boot.version>
+    <spring-boot-admin.version>3.0.4</spring-boot-admin.version>
+    <spring-cloud.version>2022.0.3</spring-cloud.version>
     <spring-web-flow.version>2.5.1.RELEASE</spring-web-flow.version>
     <openapi.version>2.0.2</openapi.version>
     <token-bucket.version>1.7</token-bucket.version>
-    <xmlgraphics-commons.version>2.7</xmlgraphics-commons.version>
+    <xmlgraphics-commons.version>2.8</xmlgraphics-commons.version>
   </properties>
 
   <dependencyManagement>
@@ -378,20 +374,11 @@
       </dependency>
 
       <!-- Apache FOP -->
-      <dependency>
-        <groupId>org.apache.ant</groupId>
-        <artifactId>ant</artifactId>
-        <version>${ant.version}</version>
-      </dependency>
       <dependency>
         <groupId>org.apache.xmlgraphics</groupId>
         <artifactId>fop</artifactId>
         <version>${fop.version}</version>
         <exclusions>
-          <exclusion>
-            <groupId>org.apache.ant</groupId>
-            <artifactId>ant</artifactId>
-          </exclusion>
           <exclusion>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>

pom.xml

@@ -105,17 +105,17 @@
     <license.dir>${project.basedir}</license.dir>
 
     <!--plugin versions-->
-    <maven-release-plugin.version>2.5.3</maven-release-plugin.version>
+    <maven-release-plugin.version>3.0.0</maven-release-plugin.version>
     <directory-maven-plugin.version>1.0</directory-maven-plugin.version>
-    <jacoco-maven-plugin.version>0.8.8</jacoco-maven-plugin.version>
-    <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
+    <jacoco-maven-plugin.version>0.8.10</jacoco-maven-plugin.version>
+    <maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
     <maven-enforcer-plugin.version>3.1.0</maven-enforcer-plugin.version>
-    <maven-site-plugin.version>3.9.1</maven-site-plugin.version>
-    <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
-    <maven-surefire-report-plugin.version>2.22.2</maven-surefire-report-plugin.version>
-    <oss-trema-maven-plugin.version>0.3.0</oss-trema-maven-plugin.version>
-    <versions-maven-plugin.version>2.11.0</versions-maven-plugin.version>
-    <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
+    <maven-site-plugin.version>3.12.1</maven-site-plugin.version>
+    <maven-surefire-plugin.version>3.1.0</maven-surefire-plugin.version>
+    <maven-surefire-report-plugin.version>3.1.0</maven-surefire-report-plugin.version>
+    <oss-trema-maven-plugin.version>0.4.0</oss-trema-maven-plugin.version>
+    <versions-maven-plugin.version>2.15.0</versions-maven-plugin.version>
+    <maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>
     <maven-war-plugin.version>3.3.2</maven-war-plugin.version>
     <nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>
     <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
@@ -127,7 +127,7 @@
     </sonar.dependencyCheck.jsonReportPath>
     <sonar.dependencyCheck.htmlReportPath>${dependency.check.report.dir}/dependency-check-report.html
     </sonar.dependencyCheck.htmlReportPath>
-    <dependency.check.version>6.3.1</dependency.check.version>
+    <dependency.check.version>8.2.1</dependency.check.version>
     <!-- Sonar checks -->
     <sonar.organization>girders-java</sonar.organization>
     <sonar.host.url>https://sonarcloud.io</sonar.host.url>