fix: Update dependency versions

fortify · Mar 22, 2024 · 393e222 · 393e222
1 parent 3b79487
commit 393e222
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/build.gradle b/build.gradle
@@ -24,11 +24,11 @@
  ******************************************************************************/
 
 plugins {
-	id "org.springframework.boot" version "2.7.10"
-	id 'com.github.jk1.dependency-license-report' version '2.1'
+	id "org.springframework.boot" version "2.7.18"
+	id 'com.github.jk1.dependency-license-report' version '2.6'
 	id "org.kordamp.gradle.markdown" version "2.2.0"
-	id 'com.google.cloud.tools.jib' version '3.3.1'
-	id "io.freefair.lombok" version "8.0.1"
+	id 'com.google.cloud.tools.jib' version '3.4.1'
+	id "io.freefair.lombok" version "8.6"
 	id 'eclipse'
 }
 
@@ -73,20 +73,20 @@ allprojects {
 // Set up dependency management for all projects
 allprojects {
 	dependencies {
-		implementation platform('com.fortify.client.api:fortify-client-api-bom:6.1.7.RELEASE')
+		implementation platform('com.fortify.client.api:fortify-client-api-bom:6.1.8.RELEASE')
 		implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
 
 		constraints {
 			implementation 'javax.validation:validation-api:2.0.1.Final'
 			implementation 'org.hibernate:hibernate-validator:6.2.5.Final'
 			implementation 'org.hibernate:hibernate-validator-annotation-processor:6.2.5.Final'
-			implementation 'org.jsoup:jsoup:1.14.3'
+			implementation 'org.jsoup:jsoup:1.17.2'
 			implementation 'com.google.code.findbugs:jsr305:3.0.2'
 			// Spring Boot declares dependency on snakeyaml 1.30, which contains known 
 			// vulnerabilities. According to https://stackoverflow.com/a/75875594, our 
 			// Spring Boot version is compatible with snakeyaml 2.0, which doesn't have 
 			// any known vulnerabilities, so we override the version here.
-			implementation 'org.yaml:snakeyaml:2.0'
+			implementation 'org.yaml:snakeyaml:2.2'
 		}
 	}
 }

diff --git a/src/main/java/com/fortify/vulnexport/FortifyVulnerabilityExporterExpressionHelper.java b/src/main/java/com/fortify/vulnexport/FortifyVulnerabilityExporterExpressionHelper.java
@@ -40,7 +40,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
-import org.jsoup.safety.Whitelist;
+import org.jsoup.safety.Safelist;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.common.TemplateParserContext;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
@@ -129,7 +129,7 @@ public static final String htmlToText(String html) {
 			document.select("br").append("\\n");
 			document.select("p").prepend("\\n\\n");
 			String s = document.html().replaceAll("\\\\n", "\n");
-			return Jsoup.clean(s, "", Whitelist.none(), new Document.OutputSettings().prettyPrint(false));
+			return Jsoup.clean(s, "", Safelist.none(), new Document.OutputSettings().prettyPrint(false));
 		}
 
 		/**
@@ -138,7 +138,7 @@ public static final String htmlToText(String html) {
 		 */
 		public static final String htmlToSingleLineText(String html) {
 			if( html==null ) { return null; }
-			return Jsoup.clean(html, "", Whitelist.none());
+			return Jsoup.clean(html, "", Safelist.none());
 		}
 
 		/**