Update dependency org.apache.commons:commons-text to v1.13.0

2025-03-23 06:25:00 +00:00
4 changed files with 115 additions and 33 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,13 +1,77 @@
-kind: template
-load: java-build-deploy.yaml
-data:
-  arch: arm64
+kind: pipeline
+type: docker
+name: build
+platform:
  os: linux
-  build_branches:
+  arch: arm64
+
+trigger:
+  branch:
    - main
-  build_events:
+  event:
    - push
    - pull_request
-  sonar_project_key: HidekoBot
-  deploy_targets:
-    - production
+
+steps:
+  # test if it compiles correctly
+  - name: build
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn verify --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V
+
+  # run unit tests
+  - name: test
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn test --no-transfer-progress -B -V
+
+  # check maven dependencies
+  - name: dependency-check
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn dependency-check:check --no-transfer-progress -B -V -DnvdApiKey=$NVD_API_KEY
+    environment:
+      NVD_API_KEY:
+        from_secret: nvd_api_key
+
+  # run code analysis
+  - name: code-analysis
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn sonar:sonar --no-transfer-progress -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.host.url=$SONAR_INSTANCE_URL -Dsonar.token=$SONAR_LOGIN_KEY -B -V
+    environment:
+      SONAR_PROJECT_KEY:
+        from_secret: sonar_project_key
+      SONAR_INSTANCE_URL:
+        from_secret: sonar_instance_url
+      SONAR_LOGIN_KEY:
+        from_secret: sonar_login_key
+
+---
+
+kind: pipeline
+type: docker
+name: deploy
+platform:
+  os: linux
+  arch: arm64
+
+trigger:
+  event:
+    - promote
+  target:
+    - production
+
+steps:
+  # skip all previous steps because they were already ran in the "build" phase; we don't need to re-analyze the code.
+
+  # upload to maven repository
+  - name: maven-deploy
+    image: maven:3-eclipse-temurin-21
+    commands:
+      - mvn deploy --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V -gs settings.xml -Dmaven.repo.username=$MAVEN_REPO_USERNAME -Dmaven.repo.password=$MAVEN_REPO_PASSWORD
+    environment:
+      MAVEN_REPO_USERNAME:
+        from_secret: maven_repo_username
+      MAVEN_REPO_PASSWORD:
+        from_secret: maven_repo_password
--- a/README.MD
+++ b/README.MD
@@ -1,9 +1,9 @@
 # HidekoBot    
-[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
-[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot) 
-[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
-[![Build Status](https://drone.prod.panic.haus/api/badges/bea/HidekoBot/status.svg)](https://drone.prod.panic.haus/bea/HidekoBot) 
-[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot)
+[![Reliability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=reliability_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
+[![Maintainability Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=sqale_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59) 
+[![Security Rating](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=security_rating&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
+[![Build Status](https://drone.beatrice.wtf/api/badges/bea/HidekoBot/status.svg)](https://drone.beatrice.wtf/bea/HidekoBot) 
+[![Lines of Code](https://sonar.beatrice.wtf/api/project_badges/measure?project=HidekoBot_AYWyYHsvX-1Ma0D4pJ59&metric=ncloc&token=0a63c149148555d6d2ee40665af1afae8f67cc3f)](https://sonar.beatrice.wtf/dashboard?id=HidekoBot_AYWyYHsvX-1Ma0D4pJ59)
  
 Hideko is a general-purpose Discord bot.  
  
--- a/pom.xml
+++ b/pom.xml
@@ -22,18 +22,18 @@
        <dependency>
            <groupId>net.dv8tion</groupId>
            <artifactId>JDA</artifactId>
-            <version>5.5.1</version>
+            <version>5.3.0</version>
        </dependency>
        <!-- JDA depends on SLF4J for logging -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
-            <version>2.0.17</version>
+            <version>2.0.6</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-simple</artifactId>
-            <version>2.0.17</version>
+            <version>2.0.6</version>
        </dependency>

        <!-- Dependency used for SQLite database connections-->
@@ -47,26 +47,26 @@
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
-            <version>2.4</version>
+            <version>2.0</version>
        </dependency>

        <!-- JSoup is used to parse HTML into JSON objects for better handling in Java -->
        <dependency>
            <groupId>org.jsoup</groupId>
            <artifactId>jsoup</artifactId>
-            <version>1.19.1</version>
+            <version>1.15.3</version>
        </dependency>
        <!-- Various String manipulation utils -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-text</artifactId>
-            <version>1.13.1</version>
+            <version>1.13.0</version>
        </dependency>
        <!-- JSON dependency used for better parsing of JSON files -->
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
-            <version>20250517</version>
+            <version>20231013</version>
        </dependency>

        <!-- Start Random.org dependencies -->
@@ -78,12 +78,12 @@
        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
-            <version>2.13.1</version>
+            <version>2.10.1</version>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
-            <version>1.19.0</version>
+            <version>1.15</version>
        </dependency>
        <!-- End Random.org dependencies -->

@@ -91,7 +91,7 @@
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-api</artifactId>
-            <version>5.13.0</version>
+            <version>5.9.2</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
@@ -102,7 +102,7 @@
            <dependency>
                <groupId>com.google.protobuf</groupId>
                <artifactId>protobuf-java</artifactId>
-                <version>4.31.1</version>
+                <version>4.30.0</version>
            </dependency>
        </dependencies>
    </dependencyManagement>
@@ -143,24 +143,23 @@
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.2</version>
+                <version>3.4.1</version>
            </plugin>

            <plugin>
                <groupId>org.sonarsource.scanner.maven</groupId>
                <artifactId>sonar-maven-plugin</artifactId>
-                <version>5.1.0.4751</version>
+                <version>3.9.1.2184</version>
            </plugin>

            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
-                <version>12.1.1</version>
+                <version>12.1.0</version>
                <configuration>
                    <failBuildOnCVSS>8</failBuildOnCVSS>
                    <!--suppress UnresolvedMavenProperty -->
                    <nvdApiKey>${nvdApiKey}</nvdApiKey>
-                    <knownExploitedUrl>https://raw.githubusercontent.com/EugenMayer/cisa-known-exploited-mirror/main/known_exploited_vulnerabilities.json</knownExploitedUrl>
                    <formats>
                        <format>html</format>
                        <format>json</format>
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -1,12 +1,31 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <!--
    <suppress>
        <notes><![CDATA[
-           file name: snakeyaml-1.33.jar
-        ]]></notes>
+   file name: snakeyaml-1.33.jar
+   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
        <cve>CVE-2021-4235</cve>
    </suppress>
-    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: snakeyaml-1.33.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2022-3064</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: snakeyaml-1.33.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: json-20220924.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-45688</vulnerabilityName>
+    </suppress>
 </suppressions>