Merge pull request #382 from sepe81/update-dependencies
WW-5048 Update various dependencies to newest version
diff --git a/core/src/test/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProviderTest.java b/core/src/test/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProviderTest.java
index 6aefed8..5c56e3a 100644
--- a/core/src/test/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProviderTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProviderTest.java
@@ -27,7 +27,6 @@
import com.opensymphony.xwork2.config.entities.ResultTypeConfig;
import com.opensymphony.xwork2.config.impl.MockConfiguration;
import com.opensymphony.xwork2.util.ClassLoaderUtil;
-import com.sun.org.apache.xerces.internal.dom.ElementImpl;
import org.w3c.dom.Document;
import java.io.File;
@@ -326,8 +325,8 @@
// tag body (as reported with WW-5029).
final String fakeBodyString = "allowedMethod1,allowedMethod2,allowedMethod3";
PackageConfig.Builder testPackageConfigBuilder = new PackageConfig.Builder("allowedMethodsPackage");
- List<String> singleStringList = new ArrayList(1);
- List<String> multipleStringList = new ArrayList(4);
+ List<String> singleStringList = new ArrayList<>(1);
+ List<String> multipleStringList = new ArrayList<>(4);
singleStringList.add(fakeBodyString);
multipleStringList.add("allowedMethod1,");
multipleStringList.add("allowed");
@@ -380,8 +379,8 @@
// tag body (as reported with WW-5029).
final String fakeBodyString = "allowedMethod1,allowedMethod2,allowedMethod3";
PackageConfig.Builder testPackageConfigBuilder = new PackageConfig.Builder("globalAllowedMethodsPackage");
- List<String> singleStringList = new ArrayList(1);
- List<String> multipleStringList = new ArrayList(4);
+ List<String> singleStringList = new ArrayList<>(1);
+ List<String> multipleStringList = new ArrayList<>(4);
singleStringList.add(fakeBodyString);
multipleStringList.add("allowedMethod4,");
multipleStringList.add("allowed");
@@ -448,10 +447,10 @@
resultTypeConfigBuilder.defaultResultParam(resultParam);
ResultTypeConfig resultTypeConfig = resultTypeConfigBuilder.build();
testPackageConfigBuilder.addResultTypeConfig(resultTypeConfig);
- List<String> singleStringList = new ArrayList(1);
- List<String> singleStringList2 = new ArrayList(1);
- List<String> multipleStringList = new ArrayList(4);
- List<String> multipleStringList2 = new ArrayList(4);
+ List<String> singleStringList = new ArrayList<>(1);
+ List<String> singleStringList2 = new ArrayList<>(1);
+ List<String> multipleStringList = new ArrayList<>(4);
+ List<String> multipleStringList2 = new ArrayList<>(4);
singleStringList.add(fakeBodyString);
singleStringList2.add(fakeBodyString2);
multipleStringList.add("/SomePath");
@@ -539,10 +538,10 @@
resultTypeConfigBuilder.defaultResultParam(resultParam);
ResultTypeConfig resultTypeConfig = resultTypeConfigBuilder.build();
testPackageConfigBuilder.addResultTypeConfig(resultTypeConfig);
- List<String> singleStringList = new ArrayList(1);
- List<String> singleStringList2 = new ArrayList(1);
- List<String> multipleStringList = new ArrayList(4);
- List<String> multipleStringList2 = new ArrayList(4);
+ List<String> singleStringList = new ArrayList<>(1);
+ List<String> singleStringList2 = new ArrayList<>(1);
+ List<String> multipleStringList = new ArrayList<>(4);
+ List<String> multipleStringList2 = new ArrayList<>(4);
singleStringList.add(fakeBodyString);
singleStringList2.add(fakeBodyString2);
multipleStringList.add("/SomePath");
@@ -664,7 +663,7 @@
List<Node> nodeList;
public MockNodeList() {
- this.nodeList = new ArrayList(0);
+ this.nodeList = new ArrayList<>(0);
}
/**
@@ -676,24 +675,24 @@
public MockNodeList(List<String> stringList) {
if (stringList != null) {
final int nodeListLength = stringList.size();
- this.nodeList = new ArrayList(nodeListLength);
+ this.nodeList = new ArrayList<>(nodeListLength);
for (int index = 0; index < nodeListLength; index++) {
this.nodeList.add(new MockNode("node" + index, stringList.get(index), Node.TEXT_NODE, null, null));
}
} else {
- this.nodeList = new ArrayList(0);
+ this.nodeList = new ArrayList<>(0);
}
}
public MockNodeList(NodeList nodeList) {
if (nodeList != null) {
final int nodeListLength = nodeList.getLength();
- this.nodeList = new ArrayList(nodeListLength);
+ this.nodeList = new ArrayList<>(nodeListLength);
for (int index = 0; index < nodeListLength; index++) {
this.nodeList.add(nodeList.item(index));
}
} else {
- this.nodeList = new ArrayList(0);
+ this.nodeList = new ArrayList<>(0);
}
}
@@ -704,7 +703,7 @@
this.nodeList.add(nodeList.get(index));
}
} else {
- this.nodeList = new ArrayList(0);
+ this.nodeList = new ArrayList<>(0);
}
}
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index 30480cd..c3016de 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -19,15 +19,93 @@
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
- <notes><![CDATA[
- This suppresses false positives identified on Struts Annotations.
- ]]></notes>
- <gav regex="true">org\.apache\.struts:struts\-annotations\:1\.0\.6.*$</gav>
- <cpe>cpe:/a:apache:struts:1.0.6</cpe>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <cpe>cpe:/a:apache:struts</cpe>
</suppress>
<suppress>
<notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
- <gav regex="true">^org\.apache\.struts:struts\-core\:1\.3\.8.*$</gav>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2011-5057</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2012-0391</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2012-0392</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2012-0393</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2012-0394</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2012-0838</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2013-1965</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2013-1966</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2013-2115</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2013-2134</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2013-2135</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2014-0094</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2014-0113</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2015-5169</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2016-0785</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-core-1.3.8.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
+ <vulnerabilityName>CVE-2016-4003</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: struts-annotations-1.0.6.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-annotations@.*$</packageUrl>
<cpe>cpe:/a:apache:struts</cpe>
</suppress>
<suppress>
@@ -40,4 +118,34 @@
<gav regex="true">^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$</gav>
<cpe>cpe:/a:apache:struts</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[file name: dom4j-1.1.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/dom4j/dom4j@.*$</packageUrl>
+ <vulnerabilityName>CVE-2018-1000632</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: bsh-2.0b4.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.beanshell/bsh@.*$</packageUrl>
+ <vulnerabilityName>CVE-2016-2510</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[ file name: plexus-utils-1.2.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+ <cpe>cpe:/a:plexus-utils_project:plexus-utils</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+ <vulnerabilityName>CVE-2017-1000487</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+ <vulnerabilityName>Directory traversal in org.codehaus.plexus.util.Expand</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: plexus-utils-1.2.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+ <vulnerabilityName>Possible XML Injection</vulnerabilityName>
+ </suppress>
</suppressions>
\ No newline at end of file