#116 #119 Fix Doxia issues

- #116 Fixed Doxia issues by upgrading maven-reporting-api and maven-reporting-impl versions
- #119 Updated vulnerable dependencies or excluded their vulnerable transitive dependencies
- Updated Maven api & plugin dependency versions

Author: jimbethancourt

pom.xml

@@ -69,7 +69,7 @@
         <sonar.organization>jimbethancourt-github</sonar.organization>
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 
-        <maven.core.version>3.9.4</maven.core.version>
+        <maven.core.version>3.9.9</maven.core.version>
     </properties>
 
     <modules>
@@ -140,7 +140,7 @@
             <dependency>
                 <groupId>org.eclipse.jgit</groupId>
                 <artifactId>org.eclipse.jgit</artifactId>
-                <version>6.7.0.202309050840-r</version>
+                <version>6.10.0.202406032230-r</version>
                 <scope>compile</scope>
             </dependency>
 
@@ -183,7 +183,6 @@
 
 
     <dependencies>
-
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
@@ -338,21 +337,21 @@
                 </executions>
                 -->
             </plugin>
-<!--            <plugin>-->
-<!--                <groupId>org.owasp</groupId>-->
-<!--                <artifactId>dependency-check-maven</artifactId>-->
-<!--                <version>6.1.0</version>-->
-<!--                <configuration>-->
-<!--                    <failBuildOnCVSS>8.0</failBuildOnCVSS>-->
-<!--                </configuration>-->
-<!--                <executions>-->
-<!--                    <execution>-->
-<!--                        <goals>-->
-<!--                            <goal>check</goal>-->
-<!--                        </goals>-->
-<!--                    </execution>-->
-<!--                </executions>-->
-<!--            </plugin>-->
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>6.1.0</version>
+                <configuration>
+                    <failBuildOnCVSS>8.0</failBuildOnCVSS>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
             <!--TODO: Add the SNYK plugin-->
             <!-- https://github.com/snyk/snyk-maven-plugin -->
 

refactor-first-maven-plugin/pom.xml

@@ -22,28 +22,6 @@
             <groupId>org.hjug.refactorfirst.report</groupId>
             <artifactId>report</artifactId>
         </dependency>
-        <!-- Doxia -->
-        <!-- Needed since maven-reporting-impl brings in Struts 1.3.8 jars that have CVSS > 8 -->
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-sink-api</artifactId>
-            <version>2.0.0-M6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-decoration-model</artifactId>
-            <version>2.0.0-M6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-core</artifactId>
-            <version>2.0.0-M7</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-site-renderer</artifactId>
-            <version>2.0.0-M11</version>
-        </dependency>
 
         <!-- Maven Reporting -->
         <dependency>
@@ -52,35 +30,37 @@
             <version>${maven.core.version}</version>
         </dependency>
 
-        <!-- Maven Reporting -->
         <dependency>
             <groupId>org.apache.maven.reporting</groupId>
             <artifactId>maven-reporting-impl</artifactId>
-            <version>3.2.0</version>
+            <version>4.0.0</version>
+            <exclusions>
+                <!-- Remediates xz-1.9.jar: CVE-2022-1271 -->
+                <!-- Unused transitive dependency -->
+                <exclusion>
+                    <groupId>org.tukaani</groupId>
+                    <artifactId>xz</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.maven.reporting</groupId>
             <artifactId>maven-reporting-api</artifactId>
-            <version>3.1.1</version>
+            <version>4.0.0</version>
         </dependency>
 
         <!-- plugin API and plugin-tools -->
         <dependency>
             <groupId>org.apache.maven</groupId>
             <artifactId>maven-plugin-api</artifactId>
-            <version>3.5.2</version>
+            <version>3.9.9</version>
         </dependency>
         <dependency>
             <groupId>org.apache.maven.plugin-tools</groupId>
             <artifactId>maven-plugin-annotations</artifactId>
-            <version>3.6.1</version>
+            <version>3.15.1</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.maven.shared</groupId>
-            <artifactId>maven-shared-utils</artifactId>
-            <version>3.3.3</version>
-        </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
@@ -92,12 +72,12 @@
         <plugins>
             <plugin>
                 <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
+                <version>3.1.3</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-plugin-plugin</artifactId>
-                <version>3.9.0</version>
+                <version>3.15.1</version>
                 <configuration>
                     <goalPrefix>refactor-first</goalPrefix>
                 </configuration>