Merge pull request #1461 from flaix/depupd

flaix · web-flow · commit 8d24e989eb0e · 2023-10-31T21:23:51.000+01:00
Update dependencies
diff --git a/.classpath b/.classpath
@@ -9,18 +9,18 @@
 	<classpathentry kind="lib" path="ext/guice-5.1.0.jar" sourcepath="ext/src/guice-5.1.0.jar" />
 	<classpathentry kind="lib" path="ext/javax.inject-1.jar" sourcepath="ext/src/javax.inject-1.jar" />
 	<classpathentry kind="lib" path="ext/aopalliance-1.0.jar" sourcepath="ext/src/aopalliance-1.0.jar" />
-	<classpathentry kind="lib" path="ext/guava-31.1-jre.jar" sourcepath="ext/src/guava-31.1-jre.jar" />
+	<classpathentry kind="lib" path="ext/guava-32.1.3-jre.jar" sourcepath="ext/src/guava-32.1.3-jre.jar" />
 	<classpathentry kind="lib" path="ext/failureaccess-1.0.1.jar" sourcepath="ext/src/failureaccess-1.0.1.jar" />
 	<classpathentry kind="lib" path="ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" />
 	<classpathentry kind="lib" path="ext/jsr305-3.0.2.jar" sourcepath="ext/src/jsr305-3.0.2.jar" />
-	<classpathentry kind="lib" path="ext/checker-qual-3.12.0.jar" sourcepath="ext/src/checker-qual-3.12.0.jar" />
-	<classpathentry kind="lib" path="ext/error_prone_annotations-2.11.0.jar" sourcepath="ext/src/error_prone_annotations-2.11.0.jar" />
-	<classpathentry kind="lib" path="ext/j2objc-annotations-1.3.jar" sourcepath="ext/src/j2objc-annotations-1.3.jar" />
+	<classpathentry kind="lib" path="ext/checker-qual-3.37.0.jar" sourcepath="ext/src/checker-qual-3.37.0.jar" />
+	<classpathentry kind="lib" path="ext/error_prone_annotations-2.21.1.jar" sourcepath="ext/src/error_prone_annotations-2.21.1.jar" />
+	<classpathentry kind="lib" path="ext/j2objc-annotations-2.8.jar" sourcepath="ext/src/j2objc-annotations-2.8.jar" />
 	<classpathentry kind="lib" path="ext/guice-servlet-5.1.0-gb2.jar" sourcepath="ext/src/guice-servlet-5.1.0-gb2.jar" />
 	<classpathentry kind="lib" path="ext/annotations-12.0.jar" sourcepath="ext/src/annotations-12.0.jar" />
-	<classpathentry kind="lib" path="ext/log4j-1.2.17.jar" sourcepath="ext/src/log4j-1.2.17.jar" />
-	<classpathentry kind="lib" path="ext/slf4j-api-1.7.29.jar" sourcepath="ext/src/slf4j-api-1.7.29.jar" />
-	<classpathentry kind="lib" path="ext/slf4j-log4j12-1.7.29.jar" sourcepath="ext/src/slf4j-log4j12-1.7.29.jar" />
+	<classpathentry kind="lib" path="ext/reload4j-1.2.25.jar" sourcepath="ext/src/reload4j-1.2.25.jar" />
+	<classpathentry kind="lib" path="ext/slf4j-api-1.7.36.jar" sourcepath="ext/src/slf4j-api-1.7.36.jar" />
+	<classpathentry kind="lib" path="ext/slf4j-reload4j-1.7.36.jar" sourcepath="ext/src/slf4j-reload4j-1.7.36.jar" />
 	<classpathentry kind="lib" path="ext/javax.mail-1.5.6.jar" sourcepath="ext/src/javax.mail-1.5.6.jar" />
 	<classpathentry kind="lib" path="ext/activation-1.1.jar" sourcepath="ext/src/activation-1.1.jar" />
 	<classpathentry kind="lib" path="ext/javax.servlet-api-3.1.0.jar" sourcepath="ext/src/javax.servlet-api-3.1.0.jar" />
@@ -72,15 +72,15 @@
 	<classpathentry kind="lib" path="ext/bcpkix-jdk15on-1.69.jar" sourcepath="ext/src/bcpkix-jdk15on-1.69.jar" />
 	<classpathentry kind="lib" path="ext/eddsa-0.2.0.jar" sourcepath="ext/src/eddsa-0.2.0.jar" />
 	<classpathentry kind="lib" path="ext/sshd-core-1.7.0.jar" sourcepath="ext/src/sshd-core-1.7.0.jar" />
-	<classpathentry kind="lib" path="ext/mina-core-2.0.21.jar" sourcepath="ext/src/mina-core-2.0.21.jar" />
+	<classpathentry kind="lib" path="ext/mina-core-2.0.25.jar" sourcepath="ext/src/mina-core-2.0.25.jar" />
 	<classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/src/rome-0.9.jar" />
 	<classpathentry kind="lib" path="ext/jdom-1.0.jar" sourcepath="ext/src/jdom-1.0.jar" />
 	<classpathentry kind="lib" path="ext/gson-2.10.jar" sourcepath="ext/src/gson-2.10.jar" />
 	<classpathentry kind="lib" path="ext/groovy-all-2.4.4.jar" sourcepath="ext/src/groovy-all-2.4.4.jar" />
 	<classpathentry kind="lib" path="ext/unboundid-ldapsdk-2.3.8.jar" sourcepath="ext/src/unboundid-ldapsdk-2.3.8.jar" />
 	<classpathentry kind="lib" path="ext/ivy-2.2.0.jar" sourcepath="ext/src/ivy-2.2.0.jar" />
 	<classpathentry kind="lib" path="ext/jcalendar-1.3.2.jar" />
-	<classpathentry kind="lib" path="ext/commons-compress-1.22.jar" sourcepath="ext/src/commons-compress-1.22.jar" />
+	<classpathentry kind="lib" path="ext/commons-compress-1.24.0.jar" sourcepath="ext/src/commons-compress-1.24.0.jar" />
 	<classpathentry kind="lib" path="ext/commons-io-2.11.0.jar" sourcepath="ext/src/commons-io-2.11.0.jar" />
 	<classpathentry kind="lib" path="ext/force-partner-api-24.0.0.jar" sourcepath="ext/src/force-partner-api-24.0.0.jar" />
 	<classpathentry kind="lib" path="ext/force-wsc-24.0.0.jar" sourcepath="ext/src/force-wsc-24.0.0.jar" />
@@ -94,8 +94,8 @@
 	<classpathentry kind="lib" path="ext/jedis-2.6.2.jar" sourcepath="ext/src/jedis-2.6.2.jar" />
 	<classpathentry kind="lib" path="ext/commons-pool2-2.0.jar" sourcepath="ext/src/commons-pool2-2.0.jar" />
 	<classpathentry kind="lib" path="ext/pf4j-0.9.0.jar" sourcepath="ext/src/pf4j-0.9.0.jar" />
-	<classpathentry kind="lib" path="ext/tika-core-1.5.jar" sourcepath="ext/src/tika-core-1.5.jar" />
-	<classpathentry kind="lib" path="ext/jsoup-1.7.3.jar" sourcepath="ext/src/jsoup-1.7.3.jar" />
+	<classpathentry kind="lib" path="ext/tika-core-1.28.5.jar" sourcepath="ext/src/tika-core-1.28.5.jar" />
+	<classpathentry kind="lib" path="ext/jsoup-1.16.2.jar" sourcepath="ext/src/jsoup-1.16.2.jar" />
 	<classpathentry kind="lib" path="ext/javax.activation-1.2.0.jar" sourcepath="ext/src/javax.activation-1.2.0.jar" />
 	<classpathentry kind="lib" path="ext/junit-4.12.jar" sourcepath="ext/src/junit-4.12.jar" />
 	<classpathentry kind="lib" path="ext/hamcrest-core-1.3.jar" sourcepath="ext/src/hamcrest-core-1.3.jar" />
diff --git a/build.moxie b/build.moxie
@@ -106,7 +106,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit
 # Convenience properties for dependencies
 properties: {
   jetty.version  : 9.4.49.v20220914
-  slf4j.version  : 1.7.29
+  slf4j.version  : 1.7.36
   wicket.version : 1.4.22
   lucene.version : 5.5.2
   jgit.version   : 4.11.9.201909030838-r
@@ -115,7 +115,7 @@ properties: {
   selenium.version : 2.28.0
   wikitext.version : 1.4
   sshd.version: 1.7.0
-  mina.version: 2.0.21
+  mina.version: 2.0.25
   guice.version : 5.1.0
   # Gitblit maintains a fork of guice-servlet
   guice-servlet.version : 5.1.0-gb2
@@ -135,11 +135,11 @@ properties: {
 dependencies:
 - compile 'com.google.inject:guice:${guice.version}' :war :fedclient
 - compile 'com.google.inject.extensions:guice-servlet:${guice-servlet.version}' :war
-- compile 'com.google.guava:guava:31.1-jre' :war :fedclient
+- compile 'com.google.guava:guava:32.1.3-jre' :war :fedclient
 - compile 'com.intellij:annotations:12.0' :war
-- compile 'log4j:log4j:1.2.17' :war :fedclient :manager
+- compile 'ch.qos.reload4j:reload4j:1.2.25' :war :fedclient :manager
 - compile 'org.slf4j:slf4j-api:${slf4j.version}' :war :fedclient :manager
-- compile 'org.slf4j:slf4j-log4j12:${slf4j.version}' :war :fedclient :manager
+- compile 'org.slf4j:slf4j-reload4j:${slf4j.version}' :war :fedclient :manager
 - compile 'com.sun.mail:javax.mail:1.5.6' :war
 - compile 'javax.servlet:javax.servlet-api:3.1.0' :fedclient
 - compile 'org.eclipse.jetty:jetty-servlet:${jetty.version}' @jar
@@ -180,7 +180,7 @@ dependencies:
 - compile 'com.unboundid:unboundid-ldapsdk:2.3.8' :war
 - compile 'org.apache.ivy:ivy:2.2.0' :war
 - compile 'com.toedter:jcalendar:1.3.2' :authority
-- compile 'org.apache.commons:commons-compress:1.22' :war
+- compile 'org.apache.commons:commons-compress:1.24.0' :war
 - compile 'commons-io:commons-io:2.11.0' :war
 - compile 'com.force.api:force-partner-api:24.0.0' :war
 - compile 'org.freemarker:freemarker:2.3.22' :war
@@ -190,8 +190,8 @@ dependencies:
 - compile 'commons-codec:commons-codec:1.9' :war
 - compile 'redis.clients:jedis:2.6.2' :war
 - compile 'ro.fortsoft.pf4j:pf4j:0.9.0' :war
-- compile 'org.apache.tika:tika-core:1.5' :war
-- compile 'org.jsoup:jsoup:1.7.3' :war
+- compile 'org.apache.tika:tika-core:1.28.5' :war
+- compile 'org.jsoup:jsoup:1.16.2' :war
 - compile 'com.sun.activation:javax.activation:1.2.0' :war :manager :fedclient
 - test 'junit:junit:4.12'
 # Dependencies for Selenium web page testing
diff --git a/gitblit.iml b/gitblit.iml
@@ -48,13 +48,13 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="guava-31.1-jre.jar">
+      <library name="guava-32.1.3-jre.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/guava-31.1-jre.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/guava-32.1.3-jre.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/guava-31.1-jre.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/guava-32.1.3-jre.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -90,35 +90,35 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="checker-qual-3.12.0.jar">
+      <library name="checker-qual-3.37.0.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/checker-qual-3.12.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/checker-qual-3.37.0.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/checker-qual-3.12.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/checker-qual-3.37.0.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="error_prone_annotations-2.11.0.jar">
+      <library name="error_prone_annotations-2.21.1.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/error_prone_annotations-2.11.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/error_prone_annotations-2.21.1.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/error_prone_annotations-2.11.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/error_prone_annotations-2.21.1.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="j2objc-annotations-1.3.jar">
+      <library name="j2objc-annotations-2.8.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/j2objc-annotations-1.3.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/j2objc-annotations-2.8.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/j2objc-annotations-1.3.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/j2objc-annotations-2.8.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -145,35 +145,35 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="log4j-1.2.17.jar">
+      <library name="reload4j-1.2.25.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/log4j-1.2.17.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/reload4j-1.2.25.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/log4j-1.2.17.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/reload4j-1.2.25.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="slf4j-api-1.7.29.jar">
+      <library name="slf4j-api-1.7.36.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.29.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.36.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.29.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.36.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="slf4j-log4j12-1.7.29.jar">
+      <library name="slf4j-reload4j-1.7.36.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/slf4j-log4j12-1.7.29.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/slf4j-reload4j-1.7.36.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/slf4j-log4j12-1.7.29.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/slf4j-reload4j-1.7.36.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -737,13 +737,13 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="mina-core-2.0.21.jar">
+      <library name="mina-core-2.0.25.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/mina-core-2.0.21.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/mina-core-2.0.25.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.21.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.25.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -823,13 +823,13 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="commons-compress-1.22.jar">
+      <library name="commons-compress-1.24.0.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/commons-compress-1.22.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/commons-compress-1.24.0.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/commons-compress-1.22.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/commons-compress-1.24.0.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -977,24 +977,24 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="tika-core-1.5.jar">
+      <library name="tika-core-1.28.5.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/tika-core-1.5.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/tika-core-1.28.5.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/tika-core-1.5.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/tika-core-1.28.5.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="jsoup-1.7.3.jar">
+      <library name="jsoup-1.16.2.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/jsoup-1.7.3.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/jsoup-1.16.2.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/jsoup-1.7.3.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/jsoup-1.16.2.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
diff --git a/src/main/java/com/gitblit/utils/JSoupXssFilter.java b/src/main/java/com/gitblit/utils/JSoupXssFilter.java
@@ -18,7 +18,7 @@
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.jsoup.safety.Cleaner;
-import org.jsoup.safety.Whitelist;
+import org.jsoup.safety.Safelist;
 
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
@@ -38,7 +38,7 @@ public class JSoupXssFilter implements XssFilter {
 
 	 @Inject
 	 public JSoupXssFilter() {
-		 none = new Cleaner(Whitelist.none());
+		 none = new Cleaner(Safelist.none());
 		 relaxed = new Cleaner(getRelaxedWhiteList());
 	}
 
@@ -64,8 +64,8 @@ protected String clean(String input, Cleaner cleaner) {
 	 * https://github.com/github/markup/tree/master#html-sanitization
 	 * @return a loose HTML whitelist
 	 */
-	protected Whitelist getRelaxedWhiteList() {
-		return new Whitelist()
+	protected Safelist getRelaxedWhiteList() {
+		return new Safelist()
         .addTags(
                 "a", "b", "blockquote", "br", "caption", "cite", "code", "col",
                 "colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr",
