From 58cad6922748190e43e077c8a91b623e88233e6b Mon Sep 17 00:00:00 2001 From: Niels Basjes <niels@basjes.nl> Date: Mon, 12 Feb 2024 12:34:04 +0100 Subject: [PATCH] Bump maven-core to 3.9.6 and drop needless plexus-utils (#2723) --- lang/java/maven-plugin/pom.xml | 8 -------- lang/java/pom.xml | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/lang/java/maven-plugin/pom.xml b/lang/java/maven-plugin/pom.xml index a4e9e7b6fdb..9f9ab3859c9 100644 --- a/lang/java/maven-plugin/pom.xml +++ b/lang/java/maven-plugin/pom.xml @@ -72,14 +72,6 @@ </exclusion> </exclusions> </dependency> - <!-- Bump this to a higher version while maven 3.3.9 still uses 3.0.22 with a --> - <!-- XML injection vulnerability. --> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.5.1</version> - <scope>provided</scope> - </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>file-management</artifactId> diff --git a/lang/java/pom.xml b/lang/java/pom.xml index 45068634cfe..8d149310373 100644 --- a/lang/java/pom.xml +++ b/lang/java/pom.xml @@ -49,7 +49,7 @@ <jetty.version>9.4.53.v20231009</jetty.version> <jopt-simple.version>5.0.4</jopt-simple.version> <junit5.version>5.10.2</junit5.version> - <maven-core.version>3.3.9</maven-core.version> + <maven-core.version>3.9.6</maven-core.version> <mockito.version>5.10.0</mockito.version> <netty.version>4.1.106.Final</netty.version> <protobuf.version>3.25.2</protobuf.version>