feat: bump vulnerable dependencies

meotchwilliams · meotchwilliams · commit 5471bcfbf74d · 2025-11-19T14:20:16.000-07:00
bump coverage
diff --git a/build.gradle b/build.gradle
@@ -1,14 +1,14 @@
 plugins {
-  id "com.github.mxenabled.coppuccino" version "3.2.1"
+  id "com.github.mxenabled.coppuccino" version "4.4.0"
   id "groovy"
   id "java"
   id "maven-publish"
   id "java-gradle-plugin"
-  id "org.jetbrains.kotlin.jvm" version "1.6.10"
+  id "org.jetbrains.kotlin.jvm" version "2.1.0"
 }
 
 group "com.mx.vogue"
-version "1.0.3" // x-release-please-version
+version "2.0.0-SNAPSHOT" // x-release-please-version
 sourceCompatibility = 1.8
 
 repositories {
@@ -19,22 +19,17 @@ repositories {
 }
 
 dependencies {
-  implementation "org.apache.bcel:bcel:[6.6.0,7.0[" // Security update
-  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
+  implementation "org.apache.bcel:bcel:[6.11.0,7.0[" // Security update
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.1.0"
   implementation "com.google.code.gson:gson:[2.0,3.0["
-  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3"
-  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.42.0"
-  implementation "com.github.spotbugs:spotbugs-annotations:4.7.2" // For annotating classes and methods to suppress SpotBugs violations
+  //FIXME this is pulling in snakeyaml 2.0, which is breaking higher libraries because we are not ready for it
+  //upgrade to 2.15.0 after snakeyaml2
+  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.14.3"
+  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.53.0"
+  implementation "com.github.spotbugs:spotbugs-annotations:4.9.8" // For annotating classes and methods to suppress SpotBugs violations
 
-  constraints {
-    implementation ("com.thoughtworks.xstream:xstream:1.4.19") { because "It resolves a bajillion CVEs" }
-  }
-
-  // Unit tests
-  testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:[5.8.0,5.9.0["
-  testImplementation "org.junit.jupiter:junit-jupiter-api:[5.8.0,5.9.0["
-  testImplementation "org.mockito:mockito-inline:[4.0,5.0["
-  testImplementation "org.spockframework:spock-core:2.2-M1-groovy-3.0"
+  api "org.mockito:mockito-inline:[4.0,5.0["
+  api "org.spockframework:spock-core:2.4-M6-groovy-3.0"
 }
 
 gradlePlugin {
@@ -53,30 +48,36 @@ gradlePlugin {
 compileKotlin {
   kotlinOptions {
     jvmTarget = "1.8"
-  } }
+  }
+}
 
 compileTestKotlin {
   kotlinOptions {
     jvmTarget = "1.8"
-  } }
+  }
+}
 
 coppuccino {
   kotlin { enabled = true }
   coverage {
-    minimumCoverage = 0.70
+    minimumCoverage = 0.73
     excludes = [
       "com/mx/vogue/core/models/**"
     ]
   }
 }
 
 sourceSets {
-  test { groovy { srcDirs "src/test/groovy" } }
+  test {
+    groovy {
+      srcDirs "src/test/groovy"
+    }
+  }
 }
 
 test { useJUnitPlatform() }
 
 wrapper {
-  gradleVersion = "7.4.1"
+  gradleVersion = "7.6.3"
   distributionType = Wrapper.DistributionType.ALL
 }
diff --git a/gradle.lockfile b/gradle.lockfile
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/settings.gradle b/settings.gradle
@@ -7,4 +7,4 @@ pluginManagement {
   }
 }
 
-rootProject.name = "vogue"
+rootProject.name = "vogue"
diff --git a/src/main/kotlin/com/mx/vogue/VoguePlugin.kt b/src/main/kotlin/com/mx/vogue/VoguePlugin.kt
@@ -38,7 +38,7 @@ import org.gradle.api.Project
 import org.gradle.api.logging.LogLevel
 
 class VoguePlugin : Plugin<Project> {
-  @Suppress("MaxLineLength")
+  @Suppress("ktlint:standard:max-line-length")
   override fun apply(project: Project) {
     var dependenciesExtension = project.extensions.create("vogue", VogueDependenciesExtension::class.java)
 
diff --git a/src/main/kotlin/com/mx/vogue/core/ReportRenderer.kt b/src/main/kotlin/com/mx/vogue/core/ReportRenderer.kt
@@ -79,12 +79,12 @@ private fun buildUpgradeMessages(dependencyContexts: List<DependencyContext>, bu
   }
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildWarningUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${yellow(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildErrorUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${red(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }
diff --git a/src/main/kotlin/com/mx/vogue/core/ReportUtils.kt b/src/main/kotlin/com/mx/vogue/core/ReportUtils.kt
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 @file:Suppress("TooManyFunctions")
+
 package com.mx.vogue.core
 
 import com.mx.vogue.core.exceptions.VogueProcessingException
@@ -51,7 +52,6 @@ fun getPackage(versionsPluginDependency: VersionsPluginDependency): String {
   return "${versionsPluginDependency.group}:${versionsPluginDependency.name}"
 }
 
-@SuppressFBWarnings("BC_BAD_CAST_TO_ABSTRACT_COLLECTION")
 fun getPackageRule(versionsPluginDependency: VersionsPluginDependency, packageRules: List<PackageRule>): PackageRule? {
   return packageRules.firstOrNull {
     Regex(it.`package`).containsMatchIn(getPackage(versionsPluginDependency))
@@ -76,7 +76,7 @@ fun filterStaleSuppressions(packageRules: List<PackageRule>?): List<PackageRule>
   }.toList()
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 fun reportStaleSuppressions(packageRules: List<PackageRule>?) {
   if (packageRules == null) {
     return
@@ -101,7 +101,7 @@ fun reportStaleSuppressions(packageRules: List<PackageRule>?) {
   }
 }
 
-@Suppress("MaxLineLength", "ThrowsCount", "ReturnCount")
+@Suppress("ktlint:standard:max-line-length", "ThrowsCount", "ReturnCount")
 fun shouldSuppressPackageRule(packageRule: PackageRule?): Boolean {
   if (packageRule == null) {
     return false
diff --git a/src/main/kotlin/com/mx/vogue/core/VersionNumber.kt b/src/main/kotlin/com/mx/vogue/core/VersionNumber.kt
@@ -22,7 +22,7 @@ import org.gradle.internal.impldep.com.google.common.base.Objects
 import org.gradle.internal.impldep.com.google.common.collect.Ordering
 import java.util.Locale
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 class VersionNumber private constructor(val major: Int, val minor: Int, val micro: Int, val patch: Int, val qualifier: String?, private val scheme: AbstractScheme) : Comparable<VersionNumber?> {
   constructor(major: Int, minor: Int, micro: Int, qualifier: String?) : this(major, minor, micro, 0, qualifier, DEFAULT_SCHEME)
   constructor(major: Int, minor: Int, micro: Int, patch: Int, qualifier: String?) : this(major, minor, micro, patch, qualifier, PATCH_SCHEME)
@@ -47,7 +47,9 @@ class VersionNumber private constructor(val major: Int, val minor: Int, val micr
     }
     return if (patch != other.patch) {
       patch - other.patch
-    } else Ordering.natural<Comparable<*>>().nullsLast<Comparable<*>?>().compare(toLowerCase(qualifier), toLowerCase(other.qualifier))
+    } else {
+      Ordering.natural<Comparable<*>>().nullsLast<Comparable<*>?>().compare(toLowerCase(qualifier), toLowerCase(other.qualifier))
+    }
   }
 
   override fun equals(other: Any?): Boolean {
diff --git a/src/test/groovy/com/mx/vogue/core/ConfigUtilsTest.groovy b/src/test/groovy/com/mx/vogue/core/ConfigUtilsTest.groovy
@@ -183,4 +183,4 @@ class ConfigUtilsTest extends Specification {
 
     defaultConfig.packageRules[1].package == "com.mx.*"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -7,4 +7,4 @@ pluginManagement {`
`7`	`7`	`}`
`8`	`8`	`}`
`9`	`9`
`10`		`-rootProject.name = "vogue"`
	`10`	`+rootProject.name = "vogue"`
Original file line number	Diff line number	Diff line change
`@@ -79,12 +79,12 @@ private fun buildUpgradeMessages(dependencyContexts: List<DependencyContext>, bu`
`79`	`79`	`}`
`80`	`80`	`}`
`81`	`81`
`82`		`-@Suppress("MaxLineLength")`
	`82`	`+@Suppress("ktlint:standard:max-line-length")`
`83`	`83`	`private fun buildWarningUpgradeMessage(dependencyContext: DependencyContext): String {`
`84`	`84`	`return " - ${yellow(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"`
`85`	`85`	`}`
`86`	`86`
`87`		`-@Suppress("MaxLineLength")`
	`87`	`+@Suppress("ktlint:standard:max-line-length")`
`88`	`88`	`private fun buildErrorUpgradeMessage(dependencyContext: DependencyContext): String {`
`89`	`89`	`return " - ${red(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"`
`90`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -183,4 +183,4 @@ class ConfigUtilsTest extends Specification {`
`183`	`183`
`184`	`184`	`defaultConfig.packageRules[1].package == "com.mx.*"`
`185`	`185`	`}`
`186`		`-}`
	`186`	`+}`