Merge branch 'main' into dependabot/maven/org.jetbrains.kotlin-kotlin…

…-bom-2.1.0
openrewrite · Dec 11, 2024 · 23e6f8a · 23e6f8a
2 parents e8a45e6 + eb07e2e
commit 23e6f8a
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 28 deletions.
diff --git a/pom.xml b/pom.xml
@@ -117,13 +117,6 @@
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
-            <dependency>
-                <groupId>org.jetbrains.kotlin</groupId>
-                <artifactId>kotlin-bom</artifactId>
-                <version>${kotlin.version}</version>
-                <scope>import</scope>
-                <type>pom</type>
-            </dependency>
             <dependency>
                 <groupId>io.rsocket</groupId>
                 <artifactId>rsocket-bom</artifactId>
@@ -142,13 +135,13 @@
             <dependency>
                 <groupId>org.apache.maven</groupId>
                 <artifactId>maven-api-meta</artifactId>
-                <version>4.0.0-beta-5</version>
+                <version>4.0.0-rc-1</version>
                 <scope>provided</scope>
             </dependency>
             <dependency>
                 <groupId>org.apache.maven</groupId>
                 <artifactId>maven-api-xml</artifactId>
-                <version>4.0.0-beta-5</version>
+                <version>4.0.0-rc-1</version>
                 <scope>provided</scope>
             </dependency>
             <dependency>
@@ -223,10 +216,6 @@
             <artifactId>plexus-xml</artifactId>
             <version>4.0.4</version>
         </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.module</groupId>
-            <artifactId>jackson-module-kotlin</artifactId>
-        </dependency>
         <dependency>
             <groupId>io.micrometer.prometheus</groupId>
             <artifactId>prometheus-rsocket-client</artifactId>
@@ -449,7 +438,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.1</version>
+                <version>3.11.2</version>
                 <executions>
                     <execution>
                         <phase>prepare-package</phase>
@@ -538,7 +527,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>11.1.0</version>
+                <version>11.1.1</version>
                 <configuration>
                     <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
                     <failBuildOnCVSS>9</failBuildOnCVSS>

diff --git a/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java b/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java
@@ -142,6 +142,7 @@ protected Set<String> getPlainTextMasks() {
                 "**/*.jelly",
                 "**/*.jsp",
                 "**/*.ksh",
+                "**/*.lock",
                 "**/lombok.config",
                 "**/*.md",
                 "**/*.mf",

diff --git a/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java b/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java
@@ -646,12 +646,10 @@ private void collectPoms(MavenProject project, Set<Path> paths, MavenExecutionCo
 
     private static Path pomPath(MavenProject mavenProject) {
         Path pomPath = mavenProject.getFile().toPath();
-        // org.codehaus.mojo:flatten-maven-plugin produces a synthetic pom unsuitable for our purposes, use the regular pom instead
-        if (pomPath.endsWith(".flattened-pom.xml")) {
-            return mavenProject.getBasedir().toPath().resolve("pom.xml");
-        }
-        // org.eclipse.tycho:tycho-packaging-plugin:update-consumer-pom produces a synthetic pom
-        if (pomPath.endsWith(".tycho-consumer-pom.xml")) {
+        if (pomPath.endsWith(".flattened-pom.xml") ||// org.codehaus.mojo:flatten-maven-plugin
+                pomPath.endsWith("dependency-reduced-pom.xml") || // org.apache.maven.plugins:maven-shade-plugin
+                pomPath.endsWith(".ci-friendly-pom.xml") || // com.outbrain.swinfra:ci-friendly-flatten-maven-plugin
+                pomPath.endsWith(".tycho-consumer-pom.xml")) { // org.eclipse.tycho:tycho-packaging-plugin:update-consumer-pom
             Path normalPom = mavenProject.getBasedir().toPath().resolve("pom.xml");
             // check for the existence of the POM, since Tycho can work pom-less
             if (Files.isReadable(normalPom) && Files.isRegularFile(normalPom)) {

diff --git a/suppressions.xml b/suppressions.xml
@@ -43,13 +43,6 @@
         <cve>CVE-2023-2976</cve>
         <cve>CVE-2020-8908</cve>
     </suppress>
-    <suppress until="2024-10-27Z">
-        <notes><![CDATA[
-            file name: snappy-java-1.1.10.1.jar
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.xerial\.snappy/snappy\-java@.*$</packageUrl>
-        <cve>CVE-2023-43642</cve>
-    </suppress>
     <suppress until="2024-12-13Z">
         <notes><![CDATA[
             file name: rewrite-core-8.6.0-SNAPSHOT.jar (shaded: org.eclipse.jgit:org.eclipse.jgit:5.13.2.202306221912-r)