#2 Addressing issues specified in #2

jimbethancourt · jimbethancourt · commit 939ec0147af0 · 2021-01-21T20:44:25.000-06:00
Addressed two critical vulnerabilities
Excluded Saxon due to MPL 1.0 license unknown issue reported
Updating README.md to specify 0.1.1
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ The graph generated in the report will look similar to this one:
 Run the following command from the root of your project (the source code does not need to be built):
 
 ```bash
-mvn org.hjug.refactorfirst.plugin:refactor-first-maven-plugin:0.1.0:report
+mvn org.hjug.refactorfirst.plugin:refactor-first-maven-plugin:0.1.1:report
 ```
 
 ### As Part of a Build
@@ -22,7 +22,7 @@ Add the following to your project in the build section:
         <plugin>
             <groupId>org.hjug.refactorfirst.plugin</groupId>
             <artifactId>refactor-first-maven-plugin</artifactId>
-            <version>0.1.0</version>       
+            <version>0.1.1</version>       
         </plugin>
         ...
     </plugins>
@@ -38,7 +38,7 @@ Add the following to your project in the reports section:
         <plugin>
             <groupId>org.hjug.refactorfirst.plugin</groupId>
             <artifactId>refactor-first-maven-plugin</artifactId>
-            <version>0.1.0</version>       
+            <version>0.1.1</version>       
         </plugin>
         ...
     </plugins>
diff --git a/effort-ranker/pom.xml b/effort-ranker/pom.xml
@@ -15,6 +15,16 @@
         <dependency>
             <groupId>net.sourceforge.pmd</groupId>
             <artifactId>pmd-java</artifactId>
+            <!--
+            Done to accommodate unknown license issue specified in
+            https://github.com/jimbethancourt/RefactorFirst/issues/2
+            -->
+            <exclusions>
+                <exclusion>
+                    <groupId>net.sourceforge.saxon</groupId>
+                    <artifactId>saxon</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
diff --git a/refactor-first-maven-plugin/pom.xml b/refactor-first-maven-plugin/pom.xml
@@ -18,6 +18,16 @@
             <artifactId>graph-data-generator</artifactId>
         </dependency>
 
+        <!--
+        Added to address https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
+        Commons collections is used in maven-reporting-impl
+        -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.maven.reporting</groupId>
             <artifactId>maven-reporting-impl</artifactId>
@@ -44,7 +54,7 @@
         <dependency>
             <groupId>org.apache.maven.shared</groupId>
             <artifactId>maven-shared-utils</artifactId>
-            <version>3.2.0</version>
+            <version>3.3.3</version>
         </dependency>
 
         <dependency>
