Excluding commons-collections dependency to resolve vulnerabilities (#…

…245) ## 1.12.0 ### Updates - Excluding commons-collections dependency to resolve vulnerabilities
sitture · Nov 1, 2024 · 5c9ced5 · 5c9ced5
1 parent 2e16310
commit 5c9ced5
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project are documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 1.12.0
+
+### Updates
+
+- Excluding commons-collections dependency to resolve vulnerabilities
+
 ## 1.11.0
 
 ### Updates

diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 	<groupId>com.github.sitture</groupId>
 	<artifactId>env-config</artifactId>
 	<packaging>jar</packaging>
-	<version>1.11.0</version>
+	<version>1.12.0</version>
 
 	<name>env-config</name>
 	<description>A simple utility to manage environment configs in Java-based projects by merging *.properties files with environment variables overrides.</description>
@@ -92,7 +92,7 @@
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-pmd-plugin</artifactId>
-					<version>3.25.0</version>
+					<version>3.26.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.sonatype.plugins</groupId>
@@ -192,7 +192,7 @@
 					<dependency>
 						<groupId>com.puppycrawl.tools</groupId>
 						<artifactId>checkstyle</artifactId>
-						<version>10.19.0</version>
+						<version>10.20.0</version>
 					</dependency>
 				</dependencies>
 				<executions>
@@ -266,6 +266,16 @@
 			<groupId>commons-beanutils</groupId>
 			<artifactId>commons-beanutils</artifactId>
 			<version>${commons-beanutils.version}</version>
+			<exclusions>
+				<!--
+					Excluding commons-collections due to a vulnerability reported below
+					https://issues.apache.org/jira/browse/COLLECTIONS-701
+				-->
+				<exclusion>
+					<groupId>commons-collections</groupId>
+					<artifactId>commons-collections</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>

diff --git a/src/main/resources/config/pmd/rulesets.xml b/src/main/resources/config/pmd/rulesets.xml
@@ -9,8 +9,8 @@
     <!-- Default rulesets -->
     <rule ref="category/java/bestpractices.xml">
         <exclude name="UseVarargs"/>
-        <exclude name="JUnitAssertionsShouldIncludeMessage"/>
-        <exclude name="JUnitTestContainsTooManyAsserts"/>
+        <exclude name="UnitTestAssertionsShouldIncludeMessage"/>
+        <exclude name="UnitTestContainsTooManyAsserts"/>
     </rule>
 
     <rule ref="category/java/codestyle.xml">
@@ -48,6 +48,7 @@
 
     <rule ref="category/java/multithreading.xml">
         <exclude name="UseConcurrentHashMap"/>
+        <exclude name="AvoidSynchronizedStatement"/>
     </rule>
 
     <rule ref="category/java/performance.xml"/>