From a728564f8de1c2c95e68bf13f48169b81e475726 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 15 Nov 2023 21:24:28 +0000
Subject: [PATCH] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6056420
---
 pom.xml | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/pom.xml b/pom.xml
index 15293a0ac..9feaea0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -321,39 +321,39 @@
                                 <!-- windows build -->
                                 <copy todir="${dist.base}/windows">
                                     <fileset dir="${project.basedir}">
-                                        <include name="config/**" />
-                                        <include name="LICENSE*" />
+                                        <include name="config/**"/>
+                                        <include name="LICENSE*"/>
                                     </fileset>
                                     <fileset dir="${project.basedir}/target">
-                                        <include name="semux.exe" />
+                                        <include name="semux.exe"/>
                                     </fileset>
                                 </copy>
-                                <copy file="${project.basedir}/misc/launch4j/semux.l4j.ini" tofile="${dist.base}/windows/semux.l4j.ini" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="**/*.ini" eol="dos" eof="asis" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="config/*" eol="dos" eof="asis" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="LICENSE*" eol="dos" eof="asis" />
+                                <copy file="${project.basedir}/misc/launch4j/semux.l4j.ini" tofile="${dist.base}/windows/semux.l4j.ini"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="**/*.ini" eol="dos" eof="asis"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="config/*" eol="dos" eof="asis"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="LICENSE*" eol="dos" eof="asis"/>
 
                                 <!-- linux build (executable jar) -->
                                 <copy todir="${dist.base}/linux">
                                     <fileset dir="${project.basedir}">
-                                        <include name="config/**" />
-                                        <include name="LICENSE*" />
+                                        <include name="config/**"/>
+                                        <include name="LICENSE*"/>
                                     </fileset>
                                 </copy>
-                                <copy file="${project.basedir}/src/main/resources/org/semux/gui/splash.png" todir="${dist.base}/linux/resources" />
-                                <copy file="${project.basedir}/target/semux-${project.version}-shaded.jar" tofile="${dist.base}/linux/semux.jar" />
-                                <copy file="${project.basedir}/scripts/semux-cli.sh" tofile="${dist.base}/linux/semux-cli.sh" />
-                                <copy file="${project.basedir}/scripts/semux-gui.sh" tofile="${dist.base}/linux/semux-gui.sh" />
-                                <chmod file="${dist.base}/linux/semux.jar" perm="755" />
-                                <chmod file="${dist.base}/linux/semux*.sh" perm="755" />
+                                <copy file="${project.basedir}/src/main/resources/org/semux/gui/splash.png" todir="${dist.base}/linux/resources"/>
+                                <copy file="${project.basedir}/target/semux-${project.version}-shaded.jar" tofile="${dist.base}/linux/semux.jar"/>
+                                <copy file="${project.basedir}/scripts/semux-cli.sh" tofile="${dist.base}/linux/semux-cli.sh"/>
+                                <copy file="${project.basedir}/scripts/semux-gui.sh" tofile="${dist.base}/linux/semux-gui.sh"/>
+                                <chmod file="${dist.base}/linux/semux.jar" perm="755"/>
+                                <chmod file="${dist.base}/linux/semux*.sh" perm="755"/>
 
                                 <!-- macos build -->
                                 <!-- use fat jar because .app bundle is not production ready -->
                                 <copy todir="${dist.base}/macos">
-                                    <fileset dir="${dist.base}/linux"></fileset>
+                                    <fileset dir="${dist.base}/linux"/>
                                 </copy>
-                                <chmod file="${dist.base}/macos/semux.jar" perm="755" />
-                                <chmod file="${dist.base}/macos/semux*.sh" perm="755" />
+                                <chmod file="${dist.base}/macos/semux.jar" perm="755"/>
+                                <chmod file="${dist.base}/macos/semux*.sh" perm="755"/>
                             </target>
                         </configuration>
                         <goals>
@@ -395,7 +395,7 @@
                     <instrumentation>
                         <ignoreTrivial>true</ignoreTrivial>
                     </instrumentation>
-                    <check />
+                    <check/>
                 </configuration>
             </plugin>
 
@@ -474,7 +474,7 @@
                         <configuration>
                             <skip>false</skip>
                             <rules>
-                                <DependencyConvergence />
+                                <DependencyConvergence/>
                                 <digestRule implementation="uk.co.froot.maven.enforcer.DigestRule">
                                     <!-- Create a snapshot to build the list of URNs below -->
                                     <buildSnapshot>false</buildSnapshot>
@@ -602,7 +602,7 @@
                                         </goals>
                                     </pluginExecutionFilter>
                                     <action>
-                                        <ignore></ignore>
+                                        <ignore/>
                                     </action>
                                 </pluginExecution>
                             </pluginExecutions>
@@ -675,7 +675,7 @@
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-all</artifactId>
-            <version>4.1.22.Final</version>
+            <version>4.1.44.Final</version>
         </dependency>
 
         <!-- Snappy Java -->
@@ -744,7 +744,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.4</version>
+            <version>2.9.9.2</version>
         </dependency>
 
         <!-- ED25519 -->