chore: maven enforce and fixes (#191)

Moved enforcer-plugin configuration under pluginManagement and enabled
inheritance. This ensures consistent enforcement rules across all
modules in the project.

fix CVE-2024-7254

---------

Co-authored-by: David Mihalcik <[email protected]>

Author: pflynn-virtru

.github/workflows/checks.yaml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
+      - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up JDK
@@ -53,7 +53,7 @@ jobs:
     steps:
       - name: Checkout Java SDK
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
+      - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up JDK

.github/workflows/release.yaml

@@ -32,7 +32,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Setup Buf
-        uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
+        uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
       # stage maven profile

pom.xml

@@ -15,7 +15,7 @@
         <maven.compiler.source>11</maven.compiler.source>
         <maven.compiler.target>11</maven.compiler.target>
         <log4j.version>2.20.0</log4j.version>
-        <grpc.version>1.63.0</grpc.version>
+        <grpc.version>1.68.0</grpc.version>
         <protobuf.version>3.25.3</protobuf.version>
         <sslcontext.version>8.3.5</sslcontext.version>
     </properties>
@@ -110,6 +110,36 @@
                 <version>${grpc.version}</version>
                 <scope>runtime</scope>
             </dependency>
+            <dependency>
+                <groupId>com.google.errorprone</groupId>
+                <artifactId>error_prone_annotations</artifactId>
+                <version>2.28.0</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.guava</groupId>
+                <artifactId>guava</artifactId>
+                <version>33.2.1-android</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.protobuf</groupId>
+                <artifactId>protobuf-java</artifactId>
+                <version>3.25.5</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-api</artifactId>
+                <version>2.0.13</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-codec</groupId>
+                <artifactId>commons-codec</artifactId>
+                <version>1.17.0</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-stdlib</artifactId>
+                <version>1.9.23</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -156,18 +186,16 @@
                     <version>3.0.0</version>
                 </plugin>
                 <plugin>
-                    <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-enforcer-plugin</artifactId>
                     <version>3.0.0</version>
-                    <configuration>
-                        <failFast>false</failFast>
-                        <rules>
-                            <dependencyConvergence/>
-                            <requireUpperBoundDeps/>
-                            <requireSameVersions/>
-                            <banDuplicatePomDependencyVersions/>
-                        </rules>
-                    </configuration>
+                </plugin>
+                <plugin>
+                    <artifactId>maven-resources-plugin</artifactId>
+                    <version>3.3.1</version>
+                </plugin>
+                <plugin>
+                    <artifactId>maven-deploy-plugin</artifactId>
+                    <version>3.1.2</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -195,7 +223,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <inherited>false</inherited>
+                <inherited>true</inherited>
                 <configuration>
                     <failFast>false</failFast>
                     <rules>

sdk/pom.xml

@@ -38,7 +38,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.10.1</version>
+            <version>2.11.0</version>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
@@ -118,7 +118,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13.1</version>
+            <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -234,14 +234,14 @@
                         <configuration>
                             <target>
                                 <!-- Generate OpenTDF Platform Protobuf -->
-                                <exec executable="buf" dir=".">
+                                <exec executable="buf" dir="." failOnError="true">
                                     <arg value="generate"/>
                                     <arg value="https://github.com/opentdf/platform.git#branch=main,subdir=service"/>
                                     <arg value="-o"/>
                                     <arg value="target/generated-sources"/>
                                 </exec>
                                 <!-- Generate gRPC Protobuf -->
-                                <exec executable="buf" dir=".">
+                                <exec executable="buf" dir="." failOnError="true">
                                     <arg value="generate"/>
                                     <arg value="buf.build/grpc-ecosystem/grpc-gateway"/>
                                     <arg value="-o"/>