Merge branch 'eclipse-sw360:main' into bulk-delete-api

.github/dependabot.yml

@@ -3,14 +3,14 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
 
   - package-ecosystem: docker
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
 
   - package-ecosystem: maven
     directory: /
     schedule:
-      interval: daily
+      interval: weekly

.github/workflows/build_and_test.yml

@@ -62,7 +62,7 @@ jobs:
           sudo sed -i 's/^couchdb.password\s*=/& '${COUCHDB_PASSWORD}'/' /etc/sw360/couchdb-test.properties
 
       - name: Set up JDK 21
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           java-version: "21"
           distribution: "temurin"

.github/workflows/codeql.yml

@@ -68,7 +68,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -96,6 +96,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/docker_deploy.yml

@@ -52,7 +52,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up JDK 17
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           java-version: "17"
           cache: "maven"

.github/workflows/scorecard.yml

@@ -55,6 +55,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif

Dockerfile

@@ -47,7 +47,7 @@ COPY --from=sw360thriftbuild /usr/local/bin/thrift /usr/local/bin/thrift
 # SW360 Build Test image
 
 # 3-eclipse-temurin-21
-FROM maven@sha256:85d505fc45ba12ca042b3f4a27eb47a657d186111c4df0a9b15cc5d9359f9266 AS sw360test
+FROM maven@sha256:b89ede2635fb8ebd9ba7a3f7d56140f2bd31337b8b0e9fa586b657ee003307a7 AS sw360test
 
 COPY --from=localthrift /usr/local/bin/thrift /usr/bin
 
@@ -60,7 +60,7 @@ SHELL ["/bin/bash", "-c"]
 # is triggered by buildkit images
 
 # 3-eclipse-temurin-21
-FROM maven@sha256:85d505fc45ba12ca042b3f4a27eb47a657d186111c4df0a9b15cc5d9359f9266 AS sw360build
+FROM maven@sha256:b89ede2635fb8ebd9ba7a3f7d56140f2bd31337b8b0e9fa586b657ee003307a7 AS sw360build
 
 ARG COUCHDB_HOST=localhost
 

backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java

@@ -22,7 +22,7 @@
 import com.google.gson.JsonObject;
 
 import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.thrift.TException;
 import org.eclipse.sw360.common.utils.BackendUtils;
 import org.eclipse.sw360.components.summary.SummaryType;
@@ -1319,7 +1319,7 @@ public List<Project> fillClearingStateSummaryIncludingSubprojects(List<Project>
 
         return projects;
     }
-    
+
     public Project fillClearingStateSummaryIncludingSubprojectsForSingleProject(Project project, User user) {
         final Map<String, Project> allProjectsIdMap = getRefreshedAllProjectsIdMap();
 

backend/fossology/src/main/java/org/eclipse/sw360/fossology/FossologyHandler.java

@@ -25,7 +25,7 @@
 import org.eclipse.sw360.fossology.config.FossologyRestConfig;
 import org.eclipse.sw360.fossology.rest.FossologyRestClient;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -159,7 +159,7 @@ public ExternalToolProcess process(String releaseId, User user, String uploadDes
 
         FossologyUtils.ensureOrderOfProcessSteps(fossologyProcess);
 
-        ExternalToolProcessStep furthestStep = fossologyProcess.getProcessSteps().get(fossologyProcess.getProcessSteps().size() - 1); 
+        ExternalToolProcessStep furthestStep = fossologyProcess.getProcessSteps().get(fossologyProcess.getProcessSteps().size() - 1);
         if (FossologyUtils.FOSSOLOGY_STEP_NAME_UPLOAD.equals(furthestStep.getStepName())) {
             handleUploadStep(componentClient, release, user, fossologyProcess, sourceAttachment, uploadDescription);
         } else if (FossologyUtils.FOSSOLOGY_STEP_NAME_SCAN.equals(furthestStep.getStepName())) {

backend/fossology/src/main/java/org/eclipse/sw360/fossology/rest/FossologyRestClient.java

@@ -16,7 +16,7 @@
 import org.eclipse.sw360.datahandler.common.CommonUtils;
 import org.eclipse.sw360.fossology.config.FossologyRestConfig;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

backend/licenseinfo/pom.xml

@@ -7,8 +7,8 @@
   ~
   ~ SPDX-License-Identifier: EPL-2.0
   -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -20,7 +20,9 @@
     <artifactId>backend-licenseinfo</artifactId>
     <packaging>war</packaging>
     <name>backend-licenseinfo</name>
-    <build><finalName>licenseinfo</finalName></build>
+    <build>
+        <finalName>licenseinfo</finalName>
+    </build>
     <properties>
         <artifact.deploy.dir>${backend.deploy.dir}</artifact.deploy.dir>
     </properties>
@@ -31,6 +33,10 @@
             <artifactId>backend-common</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity-engine-core</artifactId>

backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/LicenseInfoHandler.java

@@ -40,7 +40,7 @@
 import org.eclipse.sw360.licenseinfo.outputGenerators.*;
 import org.eclipse.sw360.licenseinfo.parsers.*;
 import org.eclipse.sw360.licenseinfo.util.LicenseNameWithTextUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.thrift.TException;

backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/outputGenerators/DocxUtils.java

@@ -12,7 +12,7 @@
 
 package org.eclipse.sw360.licenseinfo.outputGenerators;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.poi.xwpf.usermodel.*;
 import org.apache.xmlbeans.XmlException;
 import org.eclipse.sw360.datahandler.common.CommonUtils;

backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/outputGenerators/XhtmlGenerator.java

@@ -12,7 +12,7 @@
 
 package org.eclipse.sw360.licenseinfo.outputGenerators;
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.eclipse.sw360.datahandler.thrift.SW360Exception;
@@ -68,7 +68,7 @@ private String generateDisclosure(Collection<LicenseInfoParsingResult> projectLi
     }
 
     private String convertHeaderTextToHTML(String headerText) {
-        String html = StringEscapeUtils.escapeHtml(headerText);
+        String html = StringEscapeUtils.escapeHtml4(headerText);
         html = html.replace("\n", "<br>");
         return html;
     }

backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/parsers/AbstractCLIParser.java

@@ -10,7 +10,7 @@
 package org.eclipse.sw360.licenseinfo.parsers;
 
 import com.google.common.collect.Sets;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -88,7 +88,7 @@ public List<String> getApplicableFileExtensions() {
     }
 
     protected static String normalizeEscapedXhtml(Node node) {
-        return StringEscapeUtils.unescapeHtml(StringEscapeUtils.unescapeXml(node.getTextContent().trim()));
+        return StringEscapeUtils.unescapeHtml4(StringEscapeUtils.unescapeXml(node.getTextContent().trim()));
     }
 
     protected static String normalizeSpace(Node node) {

backend/search/src/main/java/org/eclipse/sw360/search/db/SearchDocument.java

@@ -10,7 +10,7 @@
 package org.eclipse.sw360.search.db;
 
 import org.eclipse.sw360.datahandler.common.SW360Constants;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 
 import java.util.Collections;
 import java.util.HashMap;

backend/vmcomponents/src/main/java/org/eclipse/sw360/vmcomponents/VMComponentHandler.java

@@ -18,7 +18,7 @@
 
 import org.eclipse.sw360.datahandler.thrift.vmcomponents.*;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TException;
 

backend/vmcomponents/src/main/java/org/eclipse/sw360/vmcomponents/common/SVMMapper.java

@@ -6,7 +6,7 @@
 
 import com.google.common.base.Joiner;
 import org.eclipse.sw360.datahandler.thrift.vmcomponents.*;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.eclipse.sw360.datahandler.common.SW360Constants;
 import org.eclipse.sw360.datahandler.common.SW360Utils;

backend/vmcomponents/src/main/java/org/eclipse/sw360/vmcomponents/db/VMDatabaseHandler.java

@@ -8,7 +8,7 @@
 import org.eclipse.sw360.datahandler.cloudantclient.DatabaseConnectorCloudant;
 import org.eclipse.sw360.datahandler.thrift.vmcomponents.*;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TBase;
 import org.eclipse.sw360.datahandler.common.DatabaseSettings;

backend/vmcomponents/src/main/java/org/eclipse/sw360/vmcomponents/handler/SVMSyncHandler.java

@@ -7,7 +7,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TBase;
 import org.eclipse.sw360.datahandler.common.DatabaseSettings;

backend/vmcomponents/src/main/java/org/eclipse/sw360/vmcomponents/process/VMProcessHandler.java

@@ -6,7 +6,7 @@
 
 import org.eclipse.sw360.datahandler.thrift.vmcomponents.VMComponent;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TBase;
 import org.eclipse.sw360.datahandler.common.SW360Utils;

backend/vmcomponents/src/test/java/org/eclipse/sw360/vmcomponents/handler/SVMSyncHandlerTest.java

@@ -7,7 +7,7 @@
 import org.eclipse.sw360.datahandler.thrift.vmcomponents.*;
 import org.eclipse.sw360.vmcomponents.AbstractJSONMockTest;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.thrift.TException;
 import org.eclipse.sw360.datahandler.TestUtils;
 import org.eclipse.sw360.datahandler.cloudantclient.DatabaseConnectorCloudant;
@@ -388,4 +388,4 @@ public void testFindMatchByReleaseText() throws Exception {
         assertTrue(match.getMatchTypes().contains(VMMatchType.VERSION_RC));
         assertEquals(VMMatchState.MATCHING_LEVEL_3, match.getState());
     }
-}
+}

backend/vulnerabilities-core/src/main/java/org/eclipse/sw360/vulnerabilities/db/VulnerabilityDatabaseHandler.java

@@ -22,7 +22,7 @@
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.*;
 import org.eclipse.sw360.vulnerabilities.common.VulnerabilityMapper;
 import org.apache.hc.core5.http.HttpStatus;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.thrift.TBase;

backend/vulnerabilities/src/main/java/org/eclipse/sw360/vulnerabilities/VulnerabilityHandler.java

@@ -34,7 +34,7 @@
 import org.eclipse.sw360.vulnerabilities.common.VulnerabilityMapper;
 import org.eclipse.sw360.vulnerabilities.db.VulnerabilityDatabaseHandler;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.thrift.TException;

keycloak/event-listeners/pom.xml

@@ -56,7 +56,7 @@
         <dependency>
             <groupId>org.jboss.logging</groupId>
             <artifactId>jboss-logging</artifactId>
-            <version>3.5.0.Final</version>
+            <version>3.6.1.Final</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>

libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/cloudantclient/DatabaseConnectorCloudant.java

@@ -785,7 +785,7 @@ public boolean contains(@NotNull String docId) {
      * @return New selector
      */
     public static @NotNull Map<String, Object> elemMatch(String field, String value) {
-        return Collections.singletonMap("$elemMatch",
-                eq(field, value));
+        return Collections.singletonMap(field,
+                eq("$elemMatch", value));
     }
 }

libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/couchdb/lucene/NouveauLuceneAwareDatabaseConnector.java

@@ -317,8 +317,14 @@ private static String sanitizeQueryInput(String input) {
         return "[" + dateToNouveauDouble(dates[0]) + RANGE_TO + dateToNouveauDouble(dates[1]) + "]";
     }
 
+    /**
+     * Parse dates from String in (yyyy-MM-dd) format to Nouveau format (yyyyMMdd) which is used as a double in queries.
+     * @param date Date to convert
+     * @return Parsed date for Nouveau
+     * @throws ParseException If input date cannot be parsed
+     * @see #dateToNouveauFormat(Date)
+     */
     public static @NotNull String dateToNouveauDouble(String date) throws ParseException {
-        SimpleDateFormat outputFormatter = new SimpleDateFormat("yyyyMMdd");
         SimpleDateFormat inputFormatterDate = new SimpleDateFormat("yyyy-MM-dd");
         Date parsedDate;
         try {
@@ -328,6 +334,17 @@ private static String sanitizeQueryInput(String input) {
         } catch (Exception e) {
             throw new ParseException("Date format not recognized", 0);
         }
-        return outputFormatter.format(parsedDate.getTime());
+        return dateToNouveauFormat(parsedDate);
+    }
+
+    /**
+     * Convert a java.util.Date object to Nouveau format (yyyyMMdd) which is used as a double in queries.
+     * @param date Date to convert
+     * @return Parsed date for Nouveau
+     * @see #dateToNouveauDouble(String)
+     */
+    public static @NotNull String dateToNouveauFormat(Date date) {
+        SimpleDateFormat outputFormatter = new SimpleDateFormat("yyyyMMdd");
+        return outputFormatter.format(date.getTime());
     }
 }

libraries/datahandler/src/test/java/org/eclipse/sw360/datahandler/permissions/DocumentPermissionsTest.java

@@ -12,7 +12,7 @@
 import com.tngtech.java.junit.dataprovider.DataProvider;
 import com.tngtech.java.junit.dataprovider.DataProviderRunner;
 import com.tngtech.java.junit.dataprovider.UseDataProvider;
-import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang3.NotImplementedException;
 import org.eclipse.sw360.datahandler.thrift.users.RequestedAction;
 import org.junit.Test;
 import org.junit.runner.RunWith;

libraries/nouveau-handler/pom.xml

@@ -162,28 +162,18 @@
         <dependency>
             <groupId>com.ibm.cloud</groupId>
             <artifactId>cloudant</artifactId>
-            <version>${cloudantsdk.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
-            <version>2.6</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>joda-time</groupId>
             <artifactId>joda-time</artifactId>
-            <version>2.13.0</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains</groupId>
             <artifactId>annotations</artifactId>
-            <version>26.0.1</version>
         </dependency>
     </dependencies>