update dependencies

frantuma · frantuma · commit de39fd3459b9 · 2023-03-23T20:06:42.000+01:00
diff --git a/.github/workflows/maven-v1.yml b/.github/workflows/maven-v1.yml
@@ -31,13 +31,20 @@ jobs:
       - name: Build with Maven, Deploy snapshot to maven central
         run: |
           mvn --no-transfer-progress -B verify --file pom.xml
-          export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
-          echo "POM VERSION" ${MY_POM_VERSION}
-          if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
+          export MY_JAVA_VERSION=`java -version 2>&1 | head -1 | cut -d'"' -f2 | sed '/^1\./s///' | cut -d'.' -f1`
+          echo "JAVA VERSION" ${MY_JAVA_VERSION}
+          if [[ ${MY_JAVA_VERSION} == "8" ]];
           then
-              mvn --no-transfer-progress -B clean deploy
+            export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
+            echo "POM VERSION" ${MY_POM_VERSION}
+            if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
+            then
+                mvn --no-transfer-progress -B clean deploy
+            else
+                echo "not deploying release: " ${MY_POM_VERSION}
+            fi
           else
-              echo "not deploying release: " ${MY_POM_VERSION}
+            echo "not deploying on java version: " ${MY_JAVA_VERSION}
           fi
         env:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
diff --git a/.github/workflows/next-snapshot-v1.yml b/.github/workflows/next-snapshot-v1.yml
@@ -20,10 +20,10 @@ jobs:
       uses: actions/setup-python@v2
       with:
         python-version: 2.7
-    - name: Set up Java 8
+    - name: Set up Java 11
       uses: actions/setup-java@v1
       with:
-        java-version: 8
+        java-version: 11
         server-id: ossrh
         server-username: MAVEN_USERNAME
         server-password: MAVEN_PASSWORD
diff --git a/modules/swagger-compat-spec-parser/pom.xml b/modules/swagger-compat-spec-parser/pom.xml
@@ -62,7 +62,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.13</version>
+            <version>4.5.14</version>
         </dependency>
         <dependency>
             <groupId>org.jmockit</groupId>
diff --git a/modules/swagger-parser/pom.xml b/modules/swagger-parser/pom.xml
@@ -18,6 +18,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-surefire-plugin</artifactId>
+                        <version>${surefire-version}</version>
                         <configuration>
                             <groups>single</groups>
                             <workingDirectory>.</workingDirectory>
diff --git a/modules/swagger-parser/src/main/java/io/swagger/parser/util/DeserializationUtils.java b/modules/swagger-parser/src/main/java/io/swagger/parser/util/DeserializationUtils.java
@@ -189,21 +189,29 @@ public static org.yaml.snakeyaml.Yaml buildSnakeYaml(BaseConstructor constructor
             return new org.yaml.snakeyaml.Yaml(constructor);
         }
         try {
-            LoaderOptions loaderOptions = new LoaderOptions();
+            LoaderOptions loaderOptions = buildLoaderOptions();
+            org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(constructor, new Representer(new DumperOptions()), new DumperOptions(), loaderOptions, new CustomResolver());
+            return yaml;
+        } catch (Exception e) {
+            //
+            LOGGER.error("error building snakeYaml", e);
+        }
+        return new org.yaml.snakeyaml.Yaml(constructor);
+    }
+
+    public static LoaderOptions buildLoaderOptions() {
+        LoaderOptions loaderOptions = new LoaderOptions();
+        try {
             Method method = LoaderOptions.class.getMethod("setMaxAliasesForCollections", int.class);
             method.invoke(loaderOptions, options.getMaxYamlAliasesForCollections());
             method = LoaderOptions.class.getMethod("setAllowRecursiveKeys", boolean.class);
             method.invoke(loaderOptions, options.isYamlAllowRecursiveKeys());
-            org.yaml.snakeyaml.Yaml yaml = new org.yaml.snakeyaml.Yaml(constructor, new Representer(), new DumperOptions(), loaderOptions, new CustomResolver());
-            return yaml;
         } catch (ReflectiveOperationException e) {
-            //
             LOGGER.debug("using snakeyaml < 1.25, not setting YAML Billion Laughs Attack snakeyaml level protection");
         }
-        return new org.yaml.snakeyaml.Yaml(constructor);
+        return loaderOptions;
     }
 
-
     public static JsonNode readYamlTree(String contents, SwaggerDeserializationResult errorOutput) throws IOException {
 
         if (!options.isSupportYamlAnchors()) {
@@ -214,7 +222,7 @@ public static JsonNode readYamlTree(String contents, SwaggerDeserializationResul
             if (options.isValidateYamlInput()) {
                 yaml = buildSnakeYaml(new CustomSnakeYamlConstructor());
             } else {
-                yaml = buildSnakeYaml(new SafeConstructor());
+                yaml = buildSnakeYaml(new SafeConstructor(buildLoaderOptions()));
             }
 
             Object o = yaml.load(contents);
@@ -358,6 +366,9 @@ public SnakeException(String message, Throwable cause) {
 
     static class CustomSnakeYamlConstructor extends SafeConstructor {
 
+        public CustomSnakeYamlConstructor() {
+            super(buildLoaderOptions());
+        }
         private boolean checkNode(MappingNode node, Integer depth) {
             if (node.getValue() == null) return true;
             if (depth > options.getMaxYamlDepth()) return false;
diff --git a/pom.xml b/pom.xml
@@ -110,7 +110,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>2.4</version>
+                <version>3.3.0</version>
                 <configuration>
                     <excludes>
                         <exclude>**/logback.xml</exclude>
@@ -127,7 +127,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.5</version>
+                <version>3.10.1</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>
@@ -136,7 +136,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.7</version>
+                <version>3.5.0</version>
                 <configuration>
                     <aggregate>true</aggregate>
                     <source>1.7</source>
@@ -159,7 +159,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>2.1.2</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -173,7 +173,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.7.5.201505241946</version>
+                <version>0.8.8</version>
                 <executions>
                     <execution>
                         <id>default-prepare-agent</id>
@@ -206,7 +206,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.0.0-M2</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <id>enforce-no-snapshots</id>
@@ -228,7 +228,7 @@
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.8</version>
+                <version>1.6.13</version>
                 <extensions>true</extensions>
                 <configuration>
                     <serverId>ossrh</serverId>
@@ -258,7 +258,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-enforcer-plugin</artifactId>
-                    <version>3.0.0-M2</version>
+                    <version>3.2.1</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -391,15 +391,16 @@
         </repository>
     </repositories>
     <properties>
+        <!--<maven.compiler.release>8</maven.compiler.release>-->
         <commons-io-version>2.11.0</commons-io-version>
-        <snakeyaml-version>1.33</snakeyaml-version>
-        <slf4j-version>1.7.28</slf4j-version>
-        <swagger-core-version>1.6.9</swagger-core-version>
-        <junit-version>4.13.1</junit-version>
+        <snakeyaml-version>2.0</snakeyaml-version>
+        <slf4j-version>1.7.36</slf4j-version>
+        <swagger-core-version>1.6.10</swagger-core-version>
+        <junit-version>4.13.2</junit-version>
         <testng-version>6.9.6</testng-version>
         <jmockit-version>1.19</jmockit-version>
-        <wiremock-version>2.25.0</wiremock-version>
-        <surefire-version>2.18.1</surefire-version>
+        <wiremock-version>2.27.2</wiremock-version>
+        <surefire-version>2.22.2</surefire-version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <sonatypeOssDistMgmtSnapshotsUrl>https://oss.sonatype.org/content/repositories/snapshots/</sonatypeOssDistMgmtSnapshotsUrl>
     </properties>
