Remove vulnerable transitive dependency. Fix checkstyle.

2 years ago · 1c8e8056e4
8 changed files with 36 additions and 2 deletions
--- a/docs/pom.xml
+++ b/docs/pom.xml
@ -17,6 +17,8 @@
				@@ -17,6 +17,8 @@
 		<main.basedir>${basedir}/..</main.basedir>
 		<configprops.inclusionPattern>feign.*</configprops.inclusionPattern>
 		<upload-docs-zip.phase>deploy</upload-docs-zip.phase>
+		<!-- Don't upload docs jar to central / repo.spring.io -->
+		<maven-deploy-plugin-default.phase>none</maven-deploy-plugin-default.phase>
 	</properties>
 	<dependencies>
 		<dependency>
--- a/spring-cloud-openfeign-core/pom.xml
+++ b/spring-cloud-openfeign-core/pom.xml
@ -94,6 +94,13 @@
				@@ -94,6 +94,13 @@
 		<dependency>
 			<groupId>io.github.openfeign.form</groupId>
 			<artifactId>feign-form-spring</artifactId>
+			<exclusions>
+<!--				Vulnerable in 3.8.0-->
+				<exclusion>
+					<groupId>commons-io</groupId>
+					<artifactId>commons-io</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>io.github.openfeign</groupId>
@ -138,6 +145,10 @@
				@@ -138,6 +145,10 @@
 					<groupId>javax.activation</groupId>
 					<artifactId>javax.activation-api</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>com.sun.activation</groupId>
+					<artifactId>jakarta.activation</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
@ -198,6 +209,12 @@
				@@ -198,6 +209,12 @@
 			<artifactId>spring-cloud-loadbalancer</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>commons-io</groupId>
+			<artifactId>commons-io</artifactId>
+			<version>2.11.0</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 	<profiles>
 		<profile>
--- a/spring-cloud-openfeign-core/src/main/java/org/springframework/cloud/openfeign/FeignAutoConfiguration.java
+++ b/spring-cloud-openfeign-core/src/main/java/org/springframework/cloud/openfeign/FeignAutoConfiguration.java
@ -346,6 +346,7 @@ public class FeignAutoConfiguration {
				@@ -346,6 +346,7 @@ public class FeignAutoConfiguration {
 	@Configuration(proxyBeanMethods = false)
 	@ConditionalOnClass(OAuth2ClientContext.class)
 	@ConditionalOnProperty("spring.cloud.openfeign.oauth2.enabled")
+	@Deprecated // spring-security-oauth2 reached EOL
 	protected static class Oauth2FeignConfiguration {

 		@ConditionalOnBean({ RetryLoadBalancerInterceptor.class, OAuth2ClientContext.class,
--- a/spring-cloud-openfeign-core/src/main/java/org/springframework/cloud/openfeign/security/OAuth2FeignRequestInterceptor.java
+++ b/spring-cloud-openfeign-core/src/main/java/org/springframework/cloud/openfeign/security/OAuth2FeignRequestInterceptor.java
@ -43,6 +43,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
				@@ -43,6 +43,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
 * @author Tim Ysewyn
 * @since 3.0.0
 */
+@Deprecated // spring-security-oauth2 reached EOL
 public class OAuth2FeignRequestInterceptor implements RequestInterceptor {

 	/**
--- a/spring-cloud-openfeign-core/src/test/java/org/springframework/cloud/openfeign/encoding/Invoices.java
+++ b/spring-cloud-openfeign-core/src/test/java/org/springframework/cloud/openfeign/encoding/Invoices.java
@ -27,9 +27,14 @@ import org.springframework.cloud.openfeign.encoding.app.domain.Invoice;
				@@ -27,9 +27,14 @@ import org.springframework.cloud.openfeign.encoding.app.domain.Invoice;
 * Utility class used for testing.
 *
 * @author Jakub Narloch
+ * @author Olga Maciaszek-Sharma
 */
 final class Invoices {

+	private Invoices() {
+		throw new IllegalStateException("Can't instantiate a utility class");
+	}
+
 	public static List<Invoice> createInvoiceList(int count) {
 		final List<Invoice> invoices = new ArrayList<>();
 		for (int ind = 0; ind < count; ind++) {
--- a/spring-cloud-openfeign-core/src/test/java/org/springframework/cloud/openfeign/test/EqualsAndHashCodeAssert.java
+++ b/spring-cloud-openfeign-core/src/test/java/org/springframework/cloud/openfeign/test/EqualsAndHashCodeAssert.java
@ -24,8 +24,13 @@ import static org.assertj.core.api.Assertions.assertThat;
				@@ -24,8 +24,13 @@ import static org.assertj.core.api.Assertions.assertThat;
 * {@link Object#equals(Object)} and {@link Object#hashCode()}.
 *
 * @author Jonatan Ivanov
+ * @author Olga Maciaszek-Sharma
 */
-public class EqualsAndHashCodeAssert {
+public final class EqualsAndHashCodeAssert {
+
+	private EqualsAndHashCodeAssert() {
+		throw new IllegalStateException("Can't instantiate a utility class");
+	}

 	/**
 	 * Checks if equals is reflexive: for any non-null reference value x, x.equals(x)
--- a/spring-cloud-openfeign-dependencies/pom.xml
+++ b/spring-cloud-openfeign-dependencies/pom.xml
@ -17,7 +17,8 @@
				@@ -17,7 +17,8 @@
 	<properties>
 		<feign.version>11.8</feign.version>
 		<feign-form.version>3.8.0</feign-form.version>
-		<spring-security-oauth2-autoconfigure.version>2.1.2.RELEASE</spring-security-oauth2-autoconfigure.version>
+		<!-- Deprecated - reached EOL -->
+		<spring-security-oauth2-autoconfigure.version>2.5.2</spring-security-oauth2-autoconfigure.version>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
--- a/src/checkstyle/checkstyle-suppressions.xml
+++ b/src/checkstyle/checkstyle-suppressions.xml
@ -12,6 +12,8 @@
				@@ -12,6 +12,8 @@
 	<suppress files=".*ProtobufSpringEncoderTest.*" checks="LineLengthCheck" />
 	<suppress files=".*ProtobufTest.*" checks="LineLengthCheck" />
 	<suppress files=".*Hello.*" checks="RedundantModifier"/>
+	<suppress files=".*test.*" checks="JavadocStyle"/>
+	<suppress files=".*test.*" checks="JavadocVariable"/>
 	<!-- Important -->
 	<suppress files=".*HttpEncoding.*" checks="InterfaceIsTypeCheck" />
 </suppressions>