feat: bump vulnerable dependencies

bump coverage

Author: meotchwilliams

build.gradle

@@ -1,14 +1,14 @@
 plugins {
-  id "com.github.mxenabled.coppuccino" version "3.2.1"
+  id "com.github.mxenabled.coppuccino" version "4.4.2"
   id "groovy"
   id "java"
   id "maven-publish"
   id "java-gradle-plugin"
-  id "org.jetbrains.kotlin.jvm" version "1.6.10"
+  id "org.jetbrains.kotlin.jvm" version "2.1.0"
 }
 
 group "com.mx.vogue"
-version "1.0.3" // x-release-please-version
+version "2.0.0-SNAPSHOT" // x-release-please-version
 sourceCompatibility = 1.8
 
 repositories {
@@ -19,22 +19,17 @@ repositories {
 }
 
 dependencies {
-  implementation "org.apache.bcel:bcel:[6.6.0,7.0[" // Security update
-  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
+  implementation "org.apache.bcel:bcel:[6.11.0,7.0[" // Security update
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.1.0"
   implementation "com.google.code.gson:gson:[2.0,3.0["
-  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3"
-  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.42.0"
-  implementation "com.github.spotbugs:spotbugs-annotations:4.7.2" // For annotating classes and methods to suppress SpotBugs violations
+  //FIXME this is pulling in snakeyaml 2.0, which is breaking higher libraries because we are not ready for it
+  //upgrade to 2.15.0 after snakeyaml2
+  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.14.3"
+  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.53.0"
+  implementation "com.github.spotbugs:spotbugs-annotations:4.9.8" // For annotating classes and methods to suppress SpotBugs violations
 
-  constraints {
-    implementation ("com.thoughtworks.xstream:xstream:1.4.19") { because "It resolves a bajillion CVEs" }
-  }
-
-  // Unit tests
-  testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:[5.8.0,5.9.0["
-  testImplementation "org.junit.jupiter:junit-jupiter-api:[5.8.0,5.9.0["
-  testImplementation "org.mockito:mockito-inline:[4.0,5.0["
-  testImplementation "org.spockframework:spock-core:2.2-M1-groovy-3.0"
+  api "org.mockito:mockito-inline:[4.0,5.0["
+  api "org.spockframework:spock-core:2.4-M6-groovy-3.0"
 }
 
 gradlePlugin {
@@ -53,30 +48,36 @@ gradlePlugin {
 compileKotlin {
   kotlinOptions {
     jvmTarget = "1.8"
-  } }
+  }
+}
 
 compileTestKotlin {
   kotlinOptions {
     jvmTarget = "1.8"
-  } }
+  }
+}
 
 coppuccino {
   kotlin { enabled = true }
   coverage {
-    minimumCoverage = 0.70
+    minimumCoverage = 0.73
     excludes = [
       "com/mx/vogue/core/models/**"
     ]
   }
 }
 
 sourceSets {
-  test { groovy { srcDirs "src/test/groovy" } }
+  test {
+    groovy {
+      srcDirs "src/test/groovy"
+    }
+  }
 }
 
 test { useJUnitPlatform() }
 
 wrapper {
-  gradleVersion = "7.4.1"
+  gradleVersion = "7.6.3"
   distributionType = Wrapper.DistributionType.ALL
 }

gradle.lockfile

@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-all.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.jar

@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,10 +80,10 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
@@ -143,12 +143,16 @@ fi
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -205,6 +209,12 @@ set -- \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradle/wrapper/gradle-wrapper.properties

@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

gradlew

@@ -7,4 +7,4 @@ pluginManagement {
   }
 }
 
-rootProject.name = "vogue"
+rootProject.name = "vogue"

gradlew.bat

@@ -38,7 +38,7 @@ import org.gradle.api.Project
 import org.gradle.api.logging.LogLevel
 
 class VoguePlugin : Plugin<Project> {
-  @Suppress("MaxLineLength")
+  @Suppress("ktlint:standard:max-line-length")
   override fun apply(project: Project) {
     var dependenciesExtension = project.extensions.create("vogue", VogueDependenciesExtension::class.java)
 

settings.gradle

@@ -79,12 +79,12 @@ private fun buildUpgradeMessages(dependencyContexts: List<DependencyContext>, bu
   }
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildWarningUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${yellow(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildErrorUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${red(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }

src/main/kotlin/com/mx/vogue/VoguePlugin.kt

@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 @file:Suppress("TooManyFunctions")
+
 package com.mx.vogue.core
 
 import com.mx.vogue.core.exceptions.VogueProcessingException
@@ -51,7 +52,6 @@ fun getPackage(versionsPluginDependency: VersionsPluginDependency): String {
   return "${versionsPluginDependency.group}:${versionsPluginDependency.name}"
 }
 
-@SuppressFBWarnings("BC_BAD_CAST_TO_ABSTRACT_COLLECTION")
 fun getPackageRule(versionsPluginDependency: VersionsPluginDependency, packageRules: List<PackageRule>): PackageRule? {
   return packageRules.firstOrNull {
     Regex(it.`package`).containsMatchIn(getPackage(versionsPluginDependency))
@@ -76,7 +76,7 @@ fun filterStaleSuppressions(packageRules: List<PackageRule>?): List<PackageRule>
   }.toList()
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 fun reportStaleSuppressions(packageRules: List<PackageRule>?) {
   if (packageRules == null) {
     return
@@ -101,7 +101,7 @@ fun reportStaleSuppressions(packageRules: List<PackageRule>?) {
   }
 }
 
-@Suppress("MaxLineLength", "ThrowsCount", "ReturnCount")
+@Suppress("ktlint:standard:max-line-length", "ThrowsCount", "ReturnCount")
 fun shouldSuppressPackageRule(packageRule: PackageRule?): Boolean {
   if (packageRule == null) {
     return false