Merge branch 'main' into spring-webmvctags-to-observations

build.gradle.kts

@@ -145,7 +145,10 @@ dependencies {
         exclude("com.google.auto.service", "auto-service-annotations")
     }
     implementation("org.mongodb:mongo-java-driver:3.12.+")
-    implementation("org.springframework.data:spring-data-mongodb:2.2.+")
+    implementation("org.springframework.data:spring-data-mongodb:2.2.+"){
+        because("We only require the classes (for refaster style recipes), not the dependencies")
+        exclude(group = "org.springframework")
+    }
 
     testRuntimeOnly("ch.qos.logback:logback-classic:1.+")
     testRuntimeOnly(gradleApi())

gradle/wrapper/gradle-wrapper.properties

@@ -1,8 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionSha256Sum=1541fa36599e12857140465f3c91a97409b4512501c26f9631fb113e392c5bd1

src/main/java/org/openrewrite/java/spring/batch/MigrateJobBuilderFactory.java

@@ -22,7 +22,9 @@
 import org.openrewrite.internal.ListUtils;
 import org.openrewrite.java.*;
 import org.openrewrite.java.search.UsesMethod;
-import org.openrewrite.java.tree.*;
+import org.openrewrite.java.tree.J;
+import org.openrewrite.java.tree.Statement;
+import org.openrewrite.java.tree.TypeUtils;
 
 import java.util.List;
 import java.util.stream.Collectors;

src/test/java/org/openrewrite/gradle/spring/AddSpringDependencyManagementPluginTest.java

@@ -17,7 +17,6 @@
 
 import org.junit.jupiter.api.Test;
 import org.openrewrite.DocumentExample;
-import org.openrewrite.Tree;
 import org.openrewrite.gradle.marker.GradlePluginDescriptor;
 import org.openrewrite.gradle.marker.GradleProject;
 import org.openrewrite.maven.tree.MavenRepository;
@@ -97,22 +96,19 @@ implementation platform("org.springframework.boot:spring-boot-starter-dependenci
     }
 
     private static GradleProject gradleProject(GradlePluginDescriptor... gradlePlugins) {
-        return new GradleProject(
-          Tree.randomId(),
-          "group",
-          "example",
-          "version",
-          ":",
-          List.of(gradlePlugins),
-          Collections.emptyList(),
-          Collections.singletonList(MavenRepository.builder()
+        return GradleProject.builder()
+          .group("group")
+          .name("example")
+          .version("version")
+          .path(":")
+          .plugins(List.of(gradlePlugins))
+          .mavenRepositories(Collections.singletonList(MavenRepository.builder()
             .id("Gradle Central Plugin Repository")
             .uri("https://plugins.gradle.org/m2")
             .releases(true)
             .snapshots(true)
-            .build()),
-          Collections.emptyMap()
-        );
+            .build()))
+          .build();
     }
 
     private static GradlePluginDescriptor springBootPlugin() {

suppressions.xml

@@ -1,3 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-data-mongodb-2.2.12.RELEASE.jar
+   ]]>
+        These are required to be able to migrate away from the vulnerable dependencies
+        </notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework\.data/spring-data-mongodb@.*$</packageUrl>
+        <cve>CVE-2022-22980</cve>
+    </suppress>
 </suppressions>