require Jenkins 2.479.1 and Java 17

.github/workflows/ci-build.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java: [11,17,21]
+        java: [17,21]
     steps:
       - uses: actions/checkout@v4
       - name: Set up JDK ${{ matrix.java }}
@@ -58,7 +58,7 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
           SONAR_ORGANIZATION: ${{ secrets.SONARCLOUD_ORGANIZATION }}
       - uses: actions/upload-artifact@v4
-        if: matrix.java == 11 && success()
+        if: matrix.java == 17 && success()
         with:
           path: target/dependency-track.hpi
           name: dependency-track.hpi

.github/workflows/codeql-analysis.yml

@@ -32,7 +32,7 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-        java: [11]
+        java: [17]
 
     steps:
     - name: Checkout repository

.github/workflows/release.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: 11
+          java-version: 17
           distribution: 'zulu'
           cache: 'maven'
           server-id: 'maven.jenkins-ci.org'

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## Unreleased
 ### ⚠ Breaking
+- require Jenkins 2.479.1 or newer
+- require Java 17 or newer (required since Jenkins 2.479.1)
+
 ### ⭐ New Features
 ### 🐞 Bugs Fixed
 

Jenkinsfile

@@ -2,6 +2,6 @@ buildPlugin(
   forkCount: '1C',
   useContainerAgent: true,
   useArtifactCachingProxy: false, // workaround for https://github.com/jenkins-infra/pipeline-library/issues/891
-  jdkVersions: [11],
+  jdkVersions: [17],
   platforms: ['linux'],
 )

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>4.88</version>
+        <version>5.3</version>
         <relativePath />
     </parent>
 
@@ -37,9 +37,9 @@
     </licenses>
 
     <properties>
-        <jenkins.version>2.440.1</jenkins.version>
+        <jenkins.version>2.479.1</jenkins.version>
         <hpi.compatibleSinceVersion>3.0.0</hpi.compatibleSinceVersion>
-        <configuration-as-code.version>1836.vccda_4a_122a_a_e</configuration-as-code.version>
+        <configuration-as-code.version>1850.va_a_8c31d3158b_</configuration-as-code.version>
         <byte-buddy.version>1.15.3</byte-buddy.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
@@ -370,36 +370,14 @@
                             <fail>true</fail>
                         </configuration>
                     </execution>
-                    <execution>
-                        <id>display-info</id>
-                        <configuration>
-                            <rules>
-                                <requireUpperBoundDeps>
-                                    <excludes>
-                                        <exclude>com.google.code.findbugs:annotations</exclude>
-                                        <exclude>com.google.code.findbugs:jsr305</exclude>
-                                        <exclude>com.google.guava:guava</exclude>
-                                        <exclude>commons-logging:commons-logging</exclude>
-                                        <exclude>javax.servlet:javax.servlet-api</exclude>
-                                        <exclude>javax.servlet:servlet-api</exclude>
-                                        <exclude>net.java.dev.jna:jna</exclude>
-                                        <exclude>org.kohsuke:access-modifier-annotation</exclude>
-                                        <exclude>com.github.spotbugs:spotbugs-annotations</exclude>
-                                        <exclude>org.ow2.asm:asm</exclude>
-                                        <exclude>net.bytebuddy:byte-buddy</exclude>
-                                    </excludes>
-                                </requireUpperBoundDeps>
-                            </rules>
-                        </configuration>
-                    </execution>
                 </executions>
             </plugin>
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <statelessTestsetReporter implementation="org.apache.maven.plugin.surefire.extensions.junit5.JUnit5Xml30StatelessReporter">
                         <disable>false</disable>
-                        <version>3.0</version>
+                        <version>3.0.2</version>
                         <usePhrasedFileName>false</usePhrasedFileName>
                         <usePhrasedTestSuiteClassName>true</usePhrasedTestSuiteClassName>
                         <usePhrasedTestCaseClassName>true</usePhrasedTestCaseClassName>
@@ -456,7 +434,7 @@
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>credentials</artifactId>
-            <version>1378.v81ef4269d764</version>
+            <version>1393.v6017143c1763</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
@@ -466,12 +444,12 @@
         <dependency>
             <groupId>io.jenkins.plugins</groupId>
             <artifactId>okhttp-api</artifactId>
-            <version>4.11.0-172.vda_da_1feeb_c6e</version>
+            <version>4.11.0-181.v1de5b_83857df</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.retry</groupId>
             <artifactId>spring-retry</artifactId>
-            <version>1.3.4</version>
+            <version>2.0.10</version>
         </dependency>
         <dependency>
             <groupId>io.jenkins</groupId>

src/main/java/org/jenkinsci/plugins/DependencyTrack/ApiClient.java

@@ -28,7 +28,6 @@
 import java.util.Base64;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.Collectors;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 import okhttp3.MediaType;
@@ -204,7 +203,7 @@ private List<Project> getProjectsPaged(final int page) throws ApiClientException
                     return JSONArray.fromObject(response.body().string()).stream()
                             .map(JSONObject.class::cast)
                             .map(ProjectParser::parse)
-                            .collect(Collectors.toList());
+                            .toList();
                 }
                 return List.of();
             } catch (IOException e) {
@@ -355,7 +354,7 @@ public void updateProjectProperties(@NonNull final String projectUuid, @NonNull
         final var updates = new JSONObject();
         final var tags = properties.getTags().stream()
                 .map(tag -> Map.of("name", tag))
-                .collect(Collectors.toList());
+                .toList();
         // overwrite tags if needed
         if (!tags.isEmpty()) {
             updates.element("tags", tags);

src/main/java/org/jenkinsci/plugins/DependencyTrack/DependencyTrackPublisher.java

@@ -32,8 +32,6 @@
 import hudson.tasks.Recorder;
 import hudson.util.Secret;
 import java.util.Optional;
-import java.util.stream.Collectors;
-import jenkins.model.RunAction2;
 import jenkins.tasks.SimpleBuildStep;
 import lombok.AccessLevel;
 import lombok.EqualsAndHashCode;
@@ -345,11 +343,11 @@ public void perform(@NonNull final Run<?, ?> run, @NonNull final FilePath worksp
         if (synchronous && StringUtils.isNotBlank(uploadResult.getToken())) {
             final var resultActions = publishAnalysisResult(logger, apiClient, uploadResult.getToken(), run, effectiveProjectName, effectiveProjectVersion);
             if (thresholds.hasValues()) {
-                final var resultAction = resultActions.get(0).map(ResultAction.class::cast).get();
+                final var resultAction = resultActions.findingsAction;
                 evaluateRiskGates(run, logger, resultAction.getSeverityDistribution(), thresholds);
             }
-            if (resultActions.get(1).isPresent()) {
-                final var violationsAction = resultActions.get(1).map(ViolationsRunAction.class::cast).get();
+            if (resultActions.violationsAction != null) {
+                final var violationsAction = resultActions.violationsAction;
                 evaluateViolations(run, logger, violationsAction.getViolations());
             }
         }
@@ -358,7 +356,7 @@ public void perform(@NonNull final Run<?, ?> run, @NonNull final FilePath worksp
         }
     }
 
-    private List<Optional<RunAction2>> publishAnalysisResult(final ConsoleLogger logger, final ApiClient apiClient, final String token, final Run<?, ?> build, final String effectiveProjectName, final String effectiveProjectVersion) throws InterruptedException, ApiClientException, AbortException {
+    private PublishAnalysisResult publishAnalysisResult(final ConsoleLogger logger, final ApiClient apiClient, final String token, final Run<?, ?> build, final String effectiveProjectName, final String effectiveProjectVersion) throws InterruptedException, ApiClientException, AbortException {
         final long timeout = System.currentTimeMillis() + (60000L * getEffectivePollingTimeout());
         final long interval = 1000L * getEffectivePollingInterval();
         logger.log(Messages.Builder_Polling());
@@ -401,8 +399,7 @@ private List<Optional<RunAction2>> publishAnalysisResult(final ConsoleLogger log
         linkAction.setProjectVersion(effectiveProjectVersion);
         build.addOrReplaceAction(linkAction);
 
-        // replace with record when using Java 17
-        return List.of(Optional.of(findingsAction), Optional.ofNullable(violationsAction));
+        return new PublishAnalysisResult(findingsAction, violationsAction);
     }
 
     private void evaluateRiskGates(final Run<?, ?> build, final ConsoleLogger logger, final SeverityDistribution currentDistribution, final Thresholds thresholds) throws AbortException {
@@ -648,9 +645,11 @@ private ProjectProperties expandProjectProperties(final EnvVars env) {
             Optional.ofNullable(projectProperties.getParentName()).map(env::expand).ifPresent(expandedProperties::setParentName);
             Optional.ofNullable(projectProperties.getParentVersion()).map(env::expand).ifPresent(expandedProperties::setParentVersion);
             Optional.ofNullable(projectProperties.getSwidTagId()).map(env::expand).ifPresent(expandedProperties::setSwidTagId);
-            expandedProperties.setTags(projectProperties.getTags().stream().map(env::expand).collect(Collectors.toList()));
+            expandedProperties.setTags(projectProperties.getTags().stream().map(env::expand).toList());
             return expandedProperties;
         }
         return null;
     }
+
+    private static record PublishAnalysisResult(@NonNull ResultAction findingsAction, @Nullable ViolationsRunAction violationsAction) {} 
 }

src/main/java/org/jenkinsci/plugins/DependencyTrack/DescriptorImpl.java

@@ -53,7 +53,7 @@
 import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
-import org.kohsuke.stapler.StaplerRequest;
+import org.kohsuke.stapler.StaplerRequest2;
 import org.kohsuke.stapler.verb.POST;
 
 import static org.jenkinsci.plugins.DependencyTrack.model.Permissions.*;
@@ -176,7 +176,7 @@ public ListBoxModel doFillProjectIdItems(@QueryParameter final String dependency
             final List<ListBoxModel.Option> options = apiClient.getProjects().stream()
                     .map(p -> new ListBoxModel.Option(p.getName().concat(" ").concat(Optional.ofNullable(p.getVersion()).orElse(StringUtils.EMPTY)).trim(), p.getUuid()))
                     .sorted(Comparator.comparing(o -> o.name))
-                    .collect(Collectors.toList());
+                    .toList();
             projects.add(new ListBoxModel.Option(Messages.Publisher_ProjectList_Placeholder(), StringUtils.EMPTY));
             projects.addAll(options);
         } catch (ApiClientException e) {
@@ -338,15 +338,9 @@ private FormValidation checkTeamPermissions(final ApiClient apiClient, final Str
         }
         sb.append("</ul>");
         switch (worst) {
-            case OK:
-                sb.insert(0, Messages.Publisher_ConnectionTest_Success(poweredBy));
-                break;
-            case WARNING:
-                sb.insert(0, Messages.Publisher_ConnectionTest_Warning(poweredBy));
-                break;
-            case ERROR:
-                sb.insert(0, Messages.Publisher_ConnectionTest_Error(poweredBy));
-                break;
+            case OK -> sb.insert(0, Messages.Publisher_ConnectionTest_Success(poweredBy));
+            case WARNING -> sb.insert(0, Messages.Publisher_ConnectionTest_Warning(poweredBy));
+            case ERROR -> sb.insert(0, Messages.Publisher_ConnectionTest_Error(poweredBy));
         }
         return FormValidation.respond(worst, String.format("<div class=\"%s\">%s</div>", worst.name().toLowerCase(Locale.ENGLISH), sb));
     }
@@ -360,7 +354,7 @@ private FormValidation checkTeamPermissions(final ApiClient apiClient, final Str
      * @throws FormException an exception validating form input
      */
     @Override
-    public boolean configure(final StaplerRequest req, final JSONObject formData) throws Descriptor.FormException {
+    public boolean configure(final StaplerRequest2 req, final JSONObject formData) throws Descriptor.FormException {
         req.bindJSON(this, formData);
         save();
         return super.configure(req, formData);

src/main/java/org/jenkinsci/plugins/DependencyTrack/FindingParser.java

@@ -19,7 +19,6 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.function.Predicate;
-import java.util.stream.Collectors;
 import lombok.experimental.UtilityClass;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONNull;
@@ -87,7 +86,7 @@ private List<String> parseAliases(JSONObject json, String vulnId) {
                 .map(alias::getString)
                 .filter(Predicate.not(vulnId::equalsIgnoreCase)))
                 .distinct()
-                .collect(Collectors.toList())
+                .toList()
                 : null;
     }
 }

src/main/java/org/jenkinsci/plugins/DependencyTrack/JobAction.java

@@ -20,7 +20,6 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Objects;
-import java.util.stream.Collectors;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
@@ -65,7 +64,7 @@ public JSONArray getSeverityDistributionTrend() {
                 .sorted(Comparator.naturalOrder())
                 .map(run -> run.getAction(ResultAction.class)).filter(Objects::nonNull)
                 .map(ResultAction::getSeverityDistribution)
-                .collect(Collectors.toList());
+                .toList();
         return JSONArray.fromObject(severityDistributions);
     }
 

src/main/java/org/jenkinsci/plugins/DependencyTrack/ProjectParser.java

@@ -17,7 +17,6 @@
 
 import java.time.LocalDateTime;
 import java.util.List;
-import java.util.stream.Collectors;
 import lombok.experimental.UtilityClass;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
@@ -58,6 +57,6 @@ private List<String> parseTags(JSONArray tagArray) {
         return tagArray.stream()
                 .map(o -> getKeyOrNull((JSONObject) o, "name"))
                 .filter(StringUtils::isNotBlank)
-                .collect(Collectors.toList());
+                .toList();
     }
 }

src/main/java/org/jenkinsci/plugins/DependencyTrack/ProjectProperties.java

@@ -101,12 +101,12 @@ public List<String> getTags() {
     @DataBoundSetter
     @SuppressWarnings("unchecked")
     public void setTags(final Object value) {
-        if (value instanceof String) {
-            setTagsIntern((String) value);
-        } else if (value instanceof String[]) {
-            setTagsIntern((String[]) value);
-        } else if (value instanceof Collection && areAllElementsOfType((Collection) value, String.class)) {
-            setTagsIntern((Collection<String>) value);
+        if (value instanceof String string) {
+            setTagsIntern(string);
+        } else if (value instanceof String[] strings) {
+            setTagsIntern(strings);
+        } else if (value instanceof Collection collection && areAllElementsOfType(collection, String.class)) {
+            setTagsIntern(collection);
         } else if (value == null) {
             tags = null;
         } else {
@@ -169,7 +169,7 @@ private List<String> normalizeTags(final Collection<String> values) {
                 .map(String::toLowerCase)
                 .distinct()
                 .sorted()
-                .collect(Collectors.toList());
+                .toList();
     }
 
     @Extension

src/main/java/org/jenkinsci/plugins/DependencyTrack/ViolationParser.java

@@ -16,7 +16,6 @@
 package org.jenkinsci.plugins.DependencyTrack;
 
 import java.util.List;
-import java.util.stream.Collectors;
 import lombok.experimental.UtilityClass;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
@@ -32,7 +31,7 @@ List<Violation> parse(final String jsonResponse) {
         return jsonArray.stream()
                 .map(JSONObject.class::cast)
                 .map(ViolationParser::parseViolation)
-                .collect(Collectors.toList());
+                .toList();
     }
 
     private Violation parseViolation(JSONObject json) {

src/main/java/org/jenkinsci/plugins/DependencyTrack/ViolationsJobAction.java

@@ -82,7 +82,7 @@ public JSONArray getViolationsTrend() {
                     item.putIfAbsent(ViolationState.FAIL.name().toLowerCase(), 0);
                     return item;
                 })
-                .collect(Collectors.toList());
+                .toList();
         return JSONArray.fromObject(distributions);
     }
 

src/test/java/org/jenkinsci/plugins/DependencyTrack/DescriptorImplTest.java

@@ -47,7 +47,7 @@
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.MockAuthorizationStrategy;
 import org.jvnet.hudson.test.junit.jupiter.WithJenkins;
-import org.kohsuke.stapler.StaplerRequest;
+import org.kohsuke.stapler.StaplerRequest2;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
@@ -384,7 +384,7 @@ void getDependencyTrackPollingTimeoutTest() {
 
     @Test
     void configureTest() throws Descriptor.FormException {
-        StaplerRequest req = mock(StaplerRequest.class);
+        var req = mock(StaplerRequest2.class);
         JSONObject formData = new JSONObject()
                 .element("dependencyTrackUrl", "https://foo.bar/")
                 .element("dependencyTrackApiKey", "api-key")

src/test/java/org/jenkinsci/plugins/DependencyTrack/ProjectPropertiesTest.java

@@ -52,7 +52,7 @@ void testSetTags() {
         uut.setTags(new String[]{"tag2", "tag1"});
         assertThat(uut.getTags()).containsExactly("tag1", "tag2");
 
-        uut.setTags(Stream.of("TAG2", "tag2").collect(Collectors.toList()));
+        uut.setTags(Stream.of("TAG2", "tag2").toList());
         assertThat(uut.getTags()).containsExactly("tag2");
 
         uut.setTags(Stream.of("TAG2", "tag2").collect(Collectors.toSet()));