feat: bump vulnerable dependencies

bump coverage
point jvmTarget to 11

Author: meotchwilliams

.github/workflows/ci.yml

@@ -16,5 +16,5 @@ jobs:
     uses: mxenabled/path-tools/.github/workflows/ci.yml@master
     with:
       force: ${{ inputs.force != '' && inputs.force }}
-      java-version: '8'
+      java-version: '11'
       skip-dependency-checks: true

build.gradle

@@ -1,15 +1,16 @@
 plugins {
-  id "com.github.mxenabled.coppuccino" version "3.2.1"
+  id "com.github.mxenabled.coppuccino" version "4.4.2"
   id "groovy"
   id "java"
   id "maven-publish"
   id "java-gradle-plugin"
-  id "org.jetbrains.kotlin.jvm" version "1.6.10"
+  id "org.jetbrains.kotlin.jvm" version "2.1.0"
 }
 
 group "com.mx.vogue"
-version "1.0.3" // x-release-please-version
-sourceCompatibility = 1.8
+version "2.0.0-SNAPSHOT" // x-release-please-version
+sourceCompatibility = JavaVersion.VERSION_11
+targetCompatibility = JavaVersion.VERSION_11
 
 repositories {
   mavenCentral()
@@ -19,22 +20,17 @@ repositories {
 }
 
 dependencies {
-  implementation "org.apache.bcel:bcel:[6.6.0,7.0[" // Security update
-  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
+  implementation "org.apache.bcel:bcel:[6.11.0,7.0[" // Security update
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.1.0"
   implementation "com.google.code.gson:gson:[2.0,3.0["
-  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3"
-  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.42.0"
-  implementation "com.github.spotbugs:spotbugs-annotations:4.7.2" // For annotating classes and methods to suppress SpotBugs violations
+  //FIXME this is pulling in snakeyaml 2.0, which is breaking higher libraries because we are not ready for it
+  //upgrade to 2.15.0 after snakeyaml2
+  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.14.3"
+  implementation "com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.53.0"
+  implementation "com.github.spotbugs:spotbugs-annotations:4.9.8" // For annotating classes and methods to suppress SpotBugs violations
 
-  constraints {
-    implementation ("com.thoughtworks.xstream:xstream:1.4.19") { because "It resolves a bajillion CVEs" }
-  }
-
-  // Unit tests
-  testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:[5.8.0,5.9.0["
-  testImplementation "org.junit.jupiter:junit-jupiter-api:[5.8.0,5.9.0["
-  testImplementation "org.mockito:mockito-inline:[4.0,5.0["
-  testImplementation "org.spockframework:spock-core:2.2-M1-groovy-3.0"
+  api "org.mockito:mockito-inline:[4.0,5.0["
+  api "org.spockframework:spock-core:2.4-M6-groovy-3.0"
 }
 
 gradlePlugin {
@@ -52,31 +48,37 @@ gradlePlugin {
 
 compileKotlin {
   kotlinOptions {
-    jvmTarget = "1.8"
-  } }
+    jvmTarget = "11"
+  }
+}
 
 compileTestKotlin {
   kotlinOptions {
-    jvmTarget = "1.8"
-  } }
+    jvmTarget = "11"
+  }
+}
 
 coppuccino {
   kotlin { enabled = true }
   coverage {
-    minimumCoverage = 0.70
+    minimumCoverage = 0.73
     excludes = [
       "com/mx/vogue/core/models/**"
     ]
   }
 }
 
 sourceSets {
-  test { groovy { srcDirs "src/test/groovy" } }
+  test {
+    groovy {
+      srcDirs "src/test/groovy"
+    }
+  }
 }
 
 test { useJUnitPlatform() }
 
 wrapper {
-  gradleVersion = "7.4.1"
+  gradleVersion = "7.6.3"
   distributionType = Wrapper.DistributionType.ALL
 }

gradle.lockfile

@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-all.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.jar

@@ -7,4 +7,4 @@ pluginManagement {
   }
 }
 
-rootProject.name = "vogue"
+rootProject.name = "vogue"

gradle/wrapper/gradle-wrapper.properties

@@ -38,7 +38,7 @@ import org.gradle.api.Project
 import org.gradle.api.logging.LogLevel
 
 class VoguePlugin : Plugin<Project> {
-  @Suppress("MaxLineLength")
+  @Suppress("ktlint:standard:max-line-length")
   override fun apply(project: Project) {
     var dependenciesExtension = project.extensions.create("vogue", VogueDependenciesExtension::class.java)
 

gradlew

@@ -79,12 +79,12 @@ private fun buildUpgradeMessages(dependencyContexts: List<DependencyContext>, bu
   }
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildWarningUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${yellow(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }
 
-@Suppress("MaxLineLength")
+@Suppress("ktlint:standard:max-line-length")
 private fun buildErrorUpgradeMessage(dependencyContext: DependencyContext): String {
   return " - ${red(getPackage(dependencyContext.versionsPluginDependency))} [${green(dependencyContext.current.toString())} -> ${green(dependencyContext.latest.toString())}]\n"
 }