fix: resolve snyk vulnerabilities

build: update plugins and dependencies

build: clean up gradle configuration files

Author: stevecl5

build.gradle

@@ -1,7 +1,7 @@
 plugins {
+  id "com.github.mxenabled.coppuccino" version "6.+" apply false
+  id "com.github.mxenabled.vogue" version "3.+"
   id "idea"
-  id "com.github.mxenabled.coppuccino" version "5.+" apply false
-  id "com.github.mxenabled.vogue" version "2.+"
   id "io.freefair.lombok" version "8.+" apply false
   id "io.github.gradle-nexus.publish-plugin" version "1.1.+"
   id "com.netflix.nebula.maven-resolved-dependencies" version "21.2.0" apply false
@@ -11,63 +11,31 @@ version "7.0.0" // x-release-please-version
 
 def platformProject = "platform"
 
-allprojects {
-  if (it.name != platformProject) {
-    apply plugin: "java"
-  }
-
+subprojects {
   group "com.mx.path-facilities"
   description "MX Path Facilities"
   version rootProject.version
-  sourceCompatibility = JavaVersion.VERSION_17
-  targetCompatibility = JavaVersion.VERSION_17
-
-  repositories {
-    mavenCentral()
-    mavenLocal()
-  }
-
-  configurations.all {
-    resolutionStrategy.cacheChangingModulesFor 0, 'seconds'
-  }
 
   ext {
-    pathSDKVersion = "[5.0,6.0)"
+    pathCoreVersion = "[6.0,7.0)"
   }
-}
 
-subprojects {
-  if (it.name != platformProject) {
-    apply plugin: "java-library"
-    apply plugin: "groovy"
-    apply plugin: "maven-publish"
-    apply plugin: "signing"
+  if (it.name == platformProject) {
+    apply plugin: "java-platform"
+  } else {
     apply plugin: "com.github.mxenabled.coppuccino"
     apply plugin: "com.github.mxenabled.vogue"
+    apply plugin: "groovy"
+    apply plugin: "java-library"
     apply plugin: "io.freefair.lombok"
     apply plugin: "com.netflix.nebula.maven-resolved-dependencies"
 
-    dependencies {
-      constraints {
-        api "org.slf4j:slf4j-api:1.7.30"
-      }
-
-      implementation platform("com.mx.path-core:platform:${project.ext.pathSDKVersion}")
-      implementation "com.mx.path-core:common"
-      testImplementation "com.mx.path-core:testing"
-      testImplementation "org.spockframework:spock-core:2.4-M6-groovy-3.0"
-    }
-
-    test { useJUnitPlatform() }
-
-    compileJava { options.compilerArgs << "-parameters" }
-
-    javadoc {
-      classpath = configurations.compileClasspath
-      options {
-        setMemberLevel JavadocMemberLevel.PUBLIC
-        setAuthor true
+    java {
+      toolchain {
+        languageVersion = JavaLanguageVersion.of(17)
       }
+      withSourcesJar()
+      withJavadocJar()
     }
 
     coppuccino {
@@ -81,72 +49,81 @@ subprojects {
       dependencyUpdatesOutputDir = "${projectDir}/build/dependencyUpdates"
     }
 
-    task sourcesJar(type: Jar, dependsOn: classes) {
-      classifier = "sources"
-      from sourceSets.main.allSource
+    repositories {
+      mavenCentral()
+      mavenLocal()
     }
 
-    task packageJavadoc(type: Jar) {
-      classifier = "javadoc"
-      from javadoc
+    dependencies {
+      implementation platform("com.mx.path-core:platform:${project.ext.pathCoreVersion}")
+      implementation "com.mx.path-core:common"
+
+      testImplementation "com.mx.path-core:testing"
     }
 
-    artifacts {
-      archives sourcesJar
-      archives jar
-      archives packageJavadoc
+    test { useJUnitPlatform() }
+
+    compileJava { options.compilerArgs << "-parameters" }
+
+    javadoc {
+      classpath = configurations.compileClasspath
+      options {
+        setMemberLevel JavadocMemberLevel.PUBLIC
+        setAuthor true
+      }
     }
+  }
 
-    publishing {
-      publications {
-        maven(MavenPublication) {
-          from components.java
-          artifact sourcesJar
-          artifact packageJavadoc
-
-          pom {
-            groupId = project.group
-            artifactId = project.name
-            name = project.name
-            description = project.description
-            url = "https://github.com/mxenabled/path-facilities"
-
-            developers {
-              developer {
-                name = "MX"
-                email = "path@mx.com"
-                organization = "MX Technologies Inc."
-                url = "http://www.mx.com"
-              }
+  apply plugin: "maven-publish"
+  apply plugin: "signing"
+
+  publishing {
+    publications {
+      maven(MavenPublication) {
+        from(project.name == platformProject ? components.javaPlatform : components.java)
+
+        pom {
+          groupId = project.group
+          artifactId = project.name
+          name = project.name
+          description = project.description
+          url = "https://github.com/mxenabled/path-facilities"
+
+          developers {
+            developer {
+              name = "MX"
+              email = "path@mx.com"
+              organization = "MX Technologies Inc."
+              url = "http://www.mx.com"
             }
+          }
 
-            licenses {
-              license {
-                name = "Proprietary"
-                url = "https://github.com/mxenabled/path-facilities/blob/master/LICENSE"
-                distribution = "repo"
-              }
+          licenses {
+            license {
+              name = "Proprietary"
+              url = "https://github.com/mxenabled/path-facilities/blob/master/LICENSE"
+              distribution = "repo"
             }
+          }
 
-            scm {
-              connection = "scm:git:git@github.com:mxenabled/path-facilities.git"
-              url = "https://github.com/mxenabled/path-facilities/tree/master"
-            }
+          scm {
+            connection = "scm:git:git@github.com:mxenabled/path-facilities.git"
+            url = "https://github.com/mxenabled/path-facilities/tree/master"
           }
         }
       }
     }
+  }
 
-    signing {
-      def signingKey = findProperty("signingKey")
-      def signingPassword = findProperty("signingKeyPassword")
-      if (signingKey != null && signingKey != "") {
-        useInMemoryPgpKeys(signingKey, signingPassword)
-        sign publishing.publications.maven
-        logger.lifecycle("Configuring signing for ${project.name}")
-      } else {
-        logger.lifecycle("Skipping artifact signing for ${project.name} - missing signing key")
-      }
+  signing {
+    def signingKey = findProperty("signingKey")
+    def signingPassword = findProperty("signingKeyPassword")
+    if (signingKey != null && signingKey != "") {
+      useInMemoryPgpKeys(signingKey, signingPassword)
+      sign publishing.publications.maven
+      logger.lifecycle("Configuring signing for ${project.name}")
+    } else {
+      logger.lifecycle("Skipping artifact signing for ${project.name} - missing signing key")
     }
   }
 }
@@ -166,25 +143,16 @@ nexusPublishing {
 }
 
 task spotlessApply {
-  subprojects.each {
-    if (it.name != platformProject) {
-      it.afterEvaluate {
-        def spotlessApplyTask = it.tasks.findByName("spotlessApply")
-        dependsOn(spotlessApplyTask)
-      }
-    }
-  }
+  dependsOn subprojects.findAll { it.name != platformProject }.collect { "${it.path}:spotlessApply" }
 }
 
 task subdependencies {
-  subprojects.each {
-    if (it.name != platformProject) {
-      it.afterEvaluate {
-        def dependenciesTask = it.tasks.findByName("dependencies")
-        dependsOn(dependenciesTask)
-      }
-    }
-  }
+  dependsOn subprojects.findAll { it.name != platformProject }.collect { "${it.path}:dependencies" }
 }
 
 project.tasks.getByPath("dependencies").finalizedBy("subdependencies")
+
+wrapper {
+  gradleVersion = "7.6.4"
+  distributionType = Wrapper.DistributionType.ALL
+}

encryption-service-jasypt/build.gradle

@@ -2,18 +2,12 @@ coppuccino {
   coverage {
     minimumCoverage = 1.00
   }
-  dependencies {
-    excludePreReleaseVersions = true
-  }
 }
 
 dependencies {
   implementation "org.jasypt:jasypt:1.9.3"
   implementation "commons-codec:commons-codec:1.15"
   compileOnly "org.slf4j:slf4j-api"
 
-  //testing dependencies
-  testImplementation "org.mockito:mockito-inline:[5.0,6.0)"
-  testImplementation "org.slf4j:slf4j-simple:1.7.30"
-  testImplementation "org.spockframework:spock-core:2.4-M6-groovy-3.0"
+  testImplementation "org.slf4j:slf4j-simple"
 }

encryption-service-jasypt/dependency_suppression.xml

@@ -1,18 +1,18 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
-com.auth0:java-jwt:4.5.0=testRuntimeClasspath
+com.auth0:java-jwt:4.5.1=testRuntimeClasspath
 com.datadoghq:dd-trace-api:1.38.0=testRuntimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.4=testRuntimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.4=testRuntimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.4=testRuntimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.4=testRuntimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.21=testRuntimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.21.0=testRuntimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.21.0=testRuntimeClasspath
+com.fasterxml.jackson:jackson-bom:2.21.0=testRuntimeClasspath
 com.github.oowekyala.ooxml:nice-xml-messages:3.1=pmd
 com.github.rholder:guava-retrying:2.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-com.github.spotbugs:spotbugs-annotations:4.9.8=compileClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath
+com.github.spotbugs:spotbugs-annotations:4.9.8=annotationProcessor,compileClasspath,spotbugs,testAnnotationProcessor,testCompileClasspath
 com.github.spotbugs:spotbugs:4.9.8=spotbugs
 com.github.stephenc.jcip:jcip-annotations:1.0-1=spotbugs
-com.google.code.findbugs:jsr305:3.0.2=checkstyle,compileClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath
+com.google.code.findbugs:jsr305:3.0.2=annotationProcessor,checkstyle,compileClasspath,runtimeClasspath,spotbugs,testAnnotationProcessor,testCompileClasspath,testRuntimeClasspath
 com.google.code.gson:gson:2.13.1=pmd
 com.google.code.gson:gson:2.13.2=compileClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath
 com.google.errorprone:error_prone_annotations:2.36.0=checkstyle
@@ -25,13 +25,13 @@ com.google.guava:guava:33.4.8-jre=checkstyle
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=checkstyle,compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 com.google.j2objc:j2objc-annotations:2.8=compileClasspath,testCompileClasspath
 com.google.j2objc:j2objc-annotations:3.0.0=checkstyle
-com.mx.path-core:common:5.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-com.mx.path-core:context:5.0.0=testRuntimeClasspath
-com.mx.path-core:gateway:5.0.0=testRuntimeClasspath
-com.mx.path-core:messaging:5.0.0=testRuntimeClasspath
-com.mx.path-core:platform:5.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-com.mx.path-core:testing:5.0.0=testCompileClasspath,testRuntimeClasspath
-com.mx.path-core:utilities:5.0.0=testRuntimeClasspath
+com.mx.path-core:common:6.0.1-SNAPSHOT=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.mx.path-core:context:6.0.1-SNAPSHOT=testRuntimeClasspath
+com.mx.path-core:gateway:6.0.1-SNAPSHOT=testRuntimeClasspath
+com.mx.path-core:messaging:6.0.1-SNAPSHOT=testRuntimeClasspath
+com.mx.path-core:platform:6.0.1-SNAPSHOT=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.mx.path-core:testing:6.0.1-SNAPSHOT=testCompileClasspath,testRuntimeClasspath
+com.mx.path-core:utilities:6.0.1-SNAPSHOT=testRuntimeClasspath
 com.puppycrawl.tools:checkstyle:10.25.0=checkstyle
 com.sun.istack:istack-commons-runtime:4.1.2=testRuntimeClasspath
 com.sun.xml.bind:jaxb-core:4.0.6=testRuntimeClasspath
@@ -40,7 +40,6 @@ commons-beanutils:commons-beanutils:1.11.0=checkstyle
 commons-codec:commons-codec:1.15=checkstyle,compileClasspath,pmd,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 commons-collections:commons-collections:3.2.2=checkstyle
 commons-io:commons-io:2.20.0=spotbugs
-commons-lang:commons-lang:2.6=testRuntimeClasspath
 commons-logging:commons-logging:1.2=testRuntimeClasspath
 info.picocli:picocli:4.7.7=checkstyle
 io.github.cdimascio:dotenv-java:2.3.2=testRuntimeClasspath
@@ -54,7 +53,7 @@ jakarta.xml.soap:jakarta.xml.soap-api:3.0.2=testRuntimeClasspath
 jaxen:jaxen:2.0.0=spotbugs
 net.bytebuddy:byte-buddy-agent:1.14.1=testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.14.1=testCompileClasspath
-net.bytebuddy:byte-buddy:1.17.7=testRuntimeClasspath
+net.bytebuddy:byte-buddy:1.18.3=testRuntimeClasspath
 net.sf.saxon:Saxon-HE:12.5=checkstyle,pmd
 net.sf.saxon:Saxon-HE:12.9=spotbugs
 net.sourceforge.pmd:pmd-ant:7.16.0=pmd
@@ -63,28 +62,28 @@ net.sourceforge.pmd:pmd-java:7.16.0=pmd
 org.antlr:antlr4-runtime:4.13.2=checkstyle
 org.antlr:antlr4-runtime:4.9.3=pmd
 org.apache.bcel:bcel:6.11.0=spotbugs
-org.apache.commons:commons-lang3:3.18.0=pmd
+org.apache.commons:commons-lang3:3.18.0=checkstyle,pmd
 org.apache.commons:commons-lang3:3.19.0=spotbugs
 org.apache.commons:commons-lang3:3.20.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-org.apache.commons:commons-lang3:3.8.1=checkstyle
 org.apache.commons:commons-text:1.14.0=spotbugs
 org.apache.commons:commons-text:1.15.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.apache.commons:commons-text:1.3=checkstyle
 org.apache.httpcomponents.client5:httpclient5:5.1.3=checkstyle,pmd
 org.apache.httpcomponents.core5:httpcore5-h2:5.1.3=checkstyle,pmd
 org.apache.httpcomponents.core5:httpcore5:5.1.3=checkstyle,pmd
-org.apache.httpcomponents:httpclient:4.5.13=checkstyle,testRuntimeClasspath
-org.apache.httpcomponents:httpcore:4.4.13=testRuntimeClasspath
+org.apache.httpcomponents:httpclient:4.5.13=checkstyle
+org.apache.httpcomponents:httpclient:4.5.14=testRuntimeClasspath
 org.apache.httpcomponents:httpcore:4.4.14=checkstyle
-org.apache.logging.log4j:log4j-api:2.25.2=spotbugs
-org.apache.logging.log4j:log4j-core:2.25.2=spotbugs
+org.apache.httpcomponents:httpcore:4.4.16=testRuntimeClasspath
+org.apache.logging.log4j:log4j-api:2.25.3=spotbugs
+org.apache.logging.log4j:log4j-core:2.25.3=spotbugs
 org.apache.maven.doxia:doxia-core:1.12.0=checkstyle
 org.apache.maven.doxia:doxia-logging-api:1.12.0=checkstyle
 org.apache.maven.doxia:doxia-module-xdoc:1.12.0=checkstyle
 org.apache.maven.doxia:doxia-sink-api:1.12.0=checkstyle
 org.apache.xbean:xbean-reflect:3.7=checkstyle
 org.apiguardian:apiguardian-api:1.1.2=testCompileClasspath
-org.assertj:assertj-core:3.27.6=testRuntimeClasspath
+org.assertj:assertj-core:3.27.7=testRuntimeClasspath
 org.checkerframework:checker-qual:3.37.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.checkerframework:checker-qual:3.49.3=checkstyle
 org.checkerframework:checker-qual:3.49.5=pmd
@@ -106,13 +105,10 @@ org.jacoco:org.jacoco.report:0.8.8=jacocoAnt
 org.jasypt:jasypt:1.9.3=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.javassist:javassist:3.28.0-GA=checkstyle,testRuntimeClasspath
 org.jspecify:jspecify:1.0.0=checkstyle
-org.junit.jupiter:junit-jupiter-api:5.14.0=testRuntimeClasspath
-org.junit.platform:junit-platform-commons:1.12.2=testCompileClasspath
-org.junit.platform:junit-platform-commons:1.14.0=testRuntimeClasspath
-org.junit.platform:junit-platform-engine:1.12.2=testCompileClasspath
-org.junit.platform:junit-platform-engine:1.14.0=testRuntimeClasspath
-org.junit:junit-bom:5.12.2=testCompileClasspath
-org.junit:junit-bom:5.14.0=runtimeClasspath,spotbugs,testRuntimeClasspath
+org.junit.jupiter:junit-jupiter-api:5.14.0=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-commons:1.14.0=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-engine:1.14.0=testCompileClasspath,testRuntimeClasspath
+org.junit:junit-bom:5.14.0=annotationProcessor,spotbugs,testAnnotationProcessor,testCompileClasspath,testRuntimeClasspath
 org.mockito:mockito-core:5.2.0=testCompileClasspath,testRuntimeClasspath
 org.mockito:mockito-inline:5.2.0=testCompileClasspath,testRuntimeClasspath
 org.objenesis:objenesis:3.3=runtimeClasspath,testRuntimeClasspath