Update vulnerable version of cron-utils (#1942)

* Update lock files

* Replace usage of org.apache.commons.lang3 with guava

* Update vulnerable version of cron-utils

Update cron-utils from version 9.1.3 to 9.1.6.
Version 9.1.6 fixes an arbitrary code execution
vulnerability (CVE-2021-41269).
SCM-Manager is not affected by this issue,
because it is related to the EL (expression language) parsing
of an annotation which we don't use.
Sebastian Sdorra
2022-02-01 18:06:53 +01:00
committed by GitHub
parent 44be389d0c
commit 466334aaa7
9 changed files with 17 additions and 17 deletions


@@ -27,7 +27,7 @@ package sonia.scm.web.i18n;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.legman.EventBus;
import org.apache.commons.lang3.StringUtils;
import com.google.common.base.CharMatcher;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
@@ -323,8 +323,8 @@ class I18nServletTest {
private void assertJson(String actual) {
assertThat(actual)
.isNotEmpty()
.contains(StringUtils.deleteWhitespace(GIT_PLUGIN_JSON.substring(1, GIT_PLUGIN_JSON.length() - 1)))
.contains(StringUtils.deleteWhitespace(HG_PLUGIN_JSON.substring(1, HG_PLUGIN_JSON.length() - 1)))
.contains(StringUtils.deleteWhitespace(SVN_PLUGIN_JSON.substring(1, SVN_PLUGIN_JSON.length() - 1)));
.contains(CharMatcher.whitespace().removeFrom(GIT_PLUGIN_JSON.substring(1, GIT_PLUGIN_JSON.length() - 1)))
.contains(CharMatcher.whitespace().removeFrom(HG_PLUGIN_JSON.substring(1, HG_PLUGIN_JSON.length() - 1)))
.contains(CharMatcher.whitespace().removeFrom(SVN_PLUGIN_JSON.substring(1, SVN_PLUGIN_JSON.length() - 1)));
}
}
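Review bot: The three `.contains(...)` arguments in assertJson repeat the same strip-the-outer-braces-then-remove-whitespace expression, which would read better as one helper, e.g. `private static String inner(String json) { return CharMatcher.whitespace().removeFrom(json.substring(1, json.length() - 1)); }`. The swap is also not an exact equivalent. `StringUtils.deleteWhitespace` follows `Character.isWhitespace`, while `CharMatcher.whitespace()` uses the Unicode definition, so a character such as U+00A0 is now removed where it was kept before. That probably does not matter for these fixtures, whose contents are outside the hunk, but a short comment on the helper saying the comparison ignores all whitespace, including whitespace inside string values, would make the looseness of the assertion explicit.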