SONAR-22119 backend minor dependency updates

build.gradle

@@ -11,7 +11,7 @@ plugins {
   id 'com.github.johnrengelman.shadow' version '7.1.2' apply false
   id 'com.google.protobuf' version '0.8.19' apply false
   id 'com.jfrog.artifactory' version '5.1.10'
-  id "de.undercouch.download" version "5.5.0" apply false
+  id "de.undercouch.download" version "5.6.0" apply false
   id 'io.spring.dependency-management' version '1.1.4'
   id "org.cyclonedx.bom" version "1.7.4" apply false
   id 'org.sonarqube' version '5.0.0.4638'
@@ -210,7 +210,7 @@ subprojects {
   ext {
     protobufVersion = '3.24.2'
     springVersion = '5.3.31'
-    elasticSearchVersion = '7.17.19'
+    elasticSearchVersion = '7.17.20'
   }
 
   sonar {
@@ -294,16 +294,16 @@ subprojects {
       dependency('commons-beanutils:commons-beanutils:1.9.4') {
         exclude 'commons-logging:commons-logging'
       }
-      dependency 'commons-codec:commons-codec:1.16.0'
+      dependency 'commons-codec:commons-codec:1.16.1'
       dependency 'commons-dbutils:commons-dbutils:1.8.1'
-      dependency 'commons-io:commons-io:2.15.1'
-      imports { mavenBom 'com.fasterxml.jackson:jackson-bom:2.16.1' }
+      dependency 'commons-io:commons-io:2.16.1'
+      imports { mavenBom 'com.fasterxml.jackson:jackson-bom:2.17.0' }
       dependency 'com.eclipsesource.minimal-json:minimal-json:0.9.5'
       dependencySet(group: 'com.github.scribejava', version: '8.3.3') {
         entry 'scribejava-apis'
         entry 'scribejava-core'
       }
-      dependency('com.github.erosb:json-sKema:0.13.0') {
+      dependency('com.github.erosb:json-sKema:0.15.0') {
         // this version of json-sKema does not make use of commons-collections, so we can exclude it safely
         exclude 'commons-collections:commons-collections'
       }
@@ -314,14 +314,14 @@ subprojects {
       dependency('com.googlecode.json-simple:json-simple:1.1.1') {
         exclude 'junit:junit'
       }
-      dependency 'com.squareup.okio:okio:3.7.0'
+      dependency 'com.squareup.okio:okio:3.9.0'
       dependency 'io.github.hakky54:sslcontext-kickstart:8.3.4'
       dependency 'io.prometheus:simpleclient:0.16.0'
       dependency 'io.prometheus:simpleclient_common:0.16.0'
       dependency 'io.prometheus:simpleclient_servlet:0.16.0'
       dependency 'com.google.code.findbugs:jsr305:3.0.2'
       dependency 'com.google.code.gson:gson:2.10.1'
-      dependency('com.google.guava:guava:33.0.0-jre') {
+      dependency('com.google.guava:guava:33.1.0-jre') {
         exclude 'com.google.errorprone:error_prone_annotations'
         exclude 'com.google.guava:listenablefuture'
         exclude 'com.google.j2objc:j2objc-annotations'
@@ -330,17 +330,17 @@ subprojects {
       }
       dependency "com.google.protobuf:protobuf-java:${protobufVersion}"
       dependency 'com.h2database:h2:2.2.224'
-      dependencySet(group: 'com.hazelcast', version: '5.3.6') {
+      dependencySet(group: 'com.hazelcast', version: '5.4.0') {
         entry 'hazelcast'
       }
       // Documentation must be updated if mssql-jdbc is updated: https://github.com/SonarSource/sonarqube/commit/03e4773ebf6cba854cdcf57a600095f65f4f53e7
-      dependency('com.microsoft.sqlserver:mssql-jdbc:12.6.0.jre11') {
+      dependency('com.microsoft.sqlserver:mssql-jdbc:12.6.1.jre11') {
         exclude 'com.fasterxml.jackson.core:jackson-databind'
       }
       dependency 'com.onelogin:java-saml:2.9.0'
       dependency 'com.oracle.database.jdbc:ojdbc11:23.3.0.23.09'
       dependency 'com.datadoghq:dd-java-agent:1.30.1'
-      dependency 'org.aspectj:aspectjtools:1.9.21'
+      dependency 'org.aspectj:aspectjtools:1.9.22'
       // If this gets updated the dependency on okio 3.5.0 should be reviewed
       dependencySet(group: 'com.squareup.okhttp3', version: '4.12.0') {
         entry 'okhttp'
@@ -357,7 +357,7 @@ subprojects {
         entry 'jjwt-jackson'
       }
       dependency 'com.auth0:java-jwt:4.4.0'
-      dependency 'io.netty:netty-all:4.1.106.Final'
+      dependency 'io.netty:netty-all:4.1.109.Final'
       dependency 'com.sun.mail:javax.mail:1.6.2'
       dependency 'javax.annotation:javax.annotation-api:1.3.2'
       dependency 'javax.inject:javax.inject:1'
@@ -376,18 +376,18 @@ subprojects {
       dependency 'org.xmlunit:xmlunit-matchers:2.9.1'
       dependency 'org.lz4:lz4-java:1.8.0'
       dependency 'net.lightbody.bmp:littleproxy:1.1.0-beta-bmp-17'
-      dependency 'org.awaitility:awaitility:4.2.0'
+      dependency 'org.awaitility:awaitility:4.2.1'
       dependency 'org.apache.commons:commons-collections4:4.4'
       dependency 'org.apache.commons:commons-csv:1.10.0'
       dependency 'org.apache.commons:commons-lang3:3.14.0'
       dependency 'org.apache.commons:commons-email:1.6.0'
-      dependency 'org.apache.commons:commons-text:1.11.0'
+      dependency 'org.apache.commons:commons-text:1.12.0'
       dependency 'com.zaxxer:HikariCP:5.1.0'
       dependency('org.apache.httpcomponents:httpclient:4.5.14') {
         exclude 'commons-logging:commons-logging'
       }
       // Be aware that Log4j is used by Elasticsearch client
-      dependencySet(group: 'org.apache.logging.log4j', version: '2.22.1') {
+      dependencySet(group: 'org.apache.logging.log4j', version: '2.23.1') {
         entry 'log4j-core'
         entry 'log4j-api'
         entry 'log4j-to-slf4j'
@@ -399,7 +399,7 @@ subprojects {
         }
       }
       //transitive dependency of SVNKit, to be re-assessed when updating SVNKit
-      dependency 'org.apache.sshd:sshd-core:2.12.0'
+      dependency 'org.apache.sshd:sshd-core:2.12.1'
       dependency 'org.assertj:assertj-core:3.25.3'
       dependency 'org.assertj:assertj-guava:3.25.3'
       dependency('org.codehaus.sonar:sonar-channel:4.2') {
@@ -423,28 +423,28 @@ subprojects {
       dependency 'org.hamcrest:hamcrest-all:1.3'
       dependency 'org.jsoup:jsoup:1.17.2'
       dependency 'org.mindrot:jbcrypt:0.4'
-      dependency('org.mockito:mockito-core:5.10.0') {
+      dependency('org.mockito:mockito-core:5.11.0') {
         exclude 'org.hamcrest:hamcrest-core'
       }
-      dependency('org.mockito:mockito-junit-jupiter:5.10.0') {
+      dependency('org.mockito:mockito-junit-jupiter:5.11.0') {
         exclude 'org.junit.jupiter:junit-jupiter-api'
       }
       dependency "org.springframework:spring-test:${springVersion}"
-      dependency 'org.mybatis:mybatis:3.5.15'
-      dependencySet(group: 'org.slf4j', version: '2.0.11') {
+      dependency 'org.mybatis:mybatis:3.5.16'
+      dependencySet(group: 'org.slf4j', version: '2.0.13') {
         entry 'jcl-over-slf4j'
         entry 'jul-to-slf4j'
         entry 'log4j-over-slf4j'
         entry 'slf4j-api'
       }
-      dependency 'org.postgresql:postgresql:42.7.1'
+      dependency 'org.postgresql:postgresql:42.7.3'
       dependency 'org.reflections:reflections:0.10.2'
       dependency 'org.simpleframework:simple:5.1.6'
       dependency 'org.sonarsource.git.blame:git-files-blame:1.0.2.275'
-      dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit4:4.8.0.1898') {
+      dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit4:4.9.0.1920') {
         exclude 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml'
       }
-      dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit5:4.8.0.1898') {
+      dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit5:4.9.0.1920') {
         exclude 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml'
       }
       dependency 'org.junit.platform:junit-platform-suite-api:1.10.2'
@@ -456,14 +456,14 @@ subprojects {
       dependency ("org.springframework:spring-webmvc:${springVersion}") {
           exclude 'commons-logging:commons-logging'
       }
-      dependency 'org.springdoc:springdoc-openapi-webmvc-core:1.7.0'
+      dependency 'org.springdoc:springdoc-openapi-webmvc-core:1.8.0'
       dependency 'org.subethamail:subethasmtp:3.1.7'
       dependency 'org.yaml:snakeyaml:2.2'
       dependency 'org.hibernate:hibernate-validator:6.2.5.Final'
       dependency 'javax.el:javax.el-api:3.0.0'
       dependency 'org.glassfish:jakarta.el:3.0.4'
-      dependency 'org.kohsuke:github-api:1.318'
-      dependency 'org.wiremock:wiremock-standalone:3.5.2'
+      dependency 'org.kohsuke:github-api:1.321'
+      dependency 'org.wiremock:wiremock-standalone:3.5.4'
 
       // please keep this list alphabetically ordered
     }
@@ -712,8 +712,8 @@ subprojects {
       testImplementation project(":ut-monitoring")
       testImplementation project(":test-monitoring")
 
-      utMonitoring 'org.aspectj:aspectjweaver:1.9.21'
-      testMonitoring 'org.aspectj:aspectjweaver:1.9.21'
+      utMonitoring 'org.aspectj:aspectjweaver:1.9.22'
+      testMonitoring 'org.aspectj:aspectjweaver:1.9.22'
       ddAgent 'com.datadoghq:dd-java-agent'
     }
 

server/sonar-alm-client/build.gradle

@@ -10,7 +10,7 @@ dependencies {
     api 'commons-codec:commons-codec'
     api 'org.kohsuke:github-api'
     api 'com.auth0:java-jwt'
-    api 'org.bouncycastle:bcpkix-jdk18on:1.77'
+    api 'org.bouncycastle:bcpkix-jdk18on:1.78.1'
     api 'org.sonarsource.api.plugin:sonar-plugin-api'
     api project(':server:sonar-auth-github')
     api project(':server:sonar-auth-gitlab')

server/sonar-main/build.gradle

@@ -35,6 +35,6 @@ dependencies {
   testImplementation 'org.mockito:mockito-core'
   testImplementation 'com.squareup.okhttp3:mockwebserver'
   testImplementation 'com.squareup.okhttp3:okhttp-tls'
-  testImplementation 'commons-logging:commons-logging:1.3.0'
+  testImplementation 'commons-logging:commons-logging:1.3.1'
   testImplementation project(':sonar-testing-harness')
 }

test-monitoring/build.gradle

@@ -15,7 +15,7 @@ dependencies {
 
     testImplementation 'org.assertj:assertj-core'
     testImplementation 'org.mockito:mockito-core'
-    testImplementation 'org.aspectj:aspectjweaver:1.9.21'
+    testImplementation 'org.aspectj:aspectjweaver:1.9.22'
 }
 
 tasks.withType(JavaCompile) {