From b42c593956635ac3893d0a3783e192290f4f01c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= <tibor@zimanyi.cz>
Date: Wed, 3 Apr 2024 09:05:33 +0200
Subject: [PATCH] [7.67.x-blue] RHPAM-3709: upgrade maven dependencies to
 address CVE-2021-26291 (#298)

* RHPAM-3709: upgrade maven dependencies to address CVE-2021-26291

* Remove one unneeded dependency exclusion.

---------

Co-authored-by: Alex Porcelli <alex@porcelli.me>
---
 jbpm-workitem-itests/pom.xml   |  4 ----
 mavenembedder-workitem/pom.xml | 21 ++++++++-----------
 pom.xml                        | 37 ----------------------------------
 3 files changed, 8 insertions(+), 54 deletions(-)

diff --git a/jbpm-workitem-itests/pom.xml b/jbpm-workitem-itests/pom.xml
index bd8f60c7d..245476a3d 100644
--- a/jbpm-workitem-itests/pom.xml
+++ b/jbpm-workitem-itests/pom.xml
@@ -116,10 +116,6 @@
           <groupId>org.hamcrest</groupId>
           <artifactId>hamcrest</artifactId>
         </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-jcl</artifactId>
-        </exclusion>
         <exclusion>
           <groupId>org.junit.jupiter</groupId>
           <artifactId>junit-jupiter</artifactId>
diff --git a/mavenembedder-workitem/pom.xml b/mavenembedder-workitem/pom.xml
index a661cc854..01ae8c82a 100644
--- a/mavenembedder-workitem/pom.xml
+++ b/mavenembedder-workitem/pom.xml
@@ -59,11 +59,11 @@
           <artifactId>org.eclipse.sisu.plexus</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.sonatype.plexus</groupId>
+          <groupId>org.codehaus.plexus</groupId>
           <artifactId>plexus-sec-dispatcher</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.sonatype.plexus</groupId>
+          <groupId>org.codehaus.plexus</groupId>
           <artifactId>plexus-cipher</artifactId>
         </exclusion>
       </exclusions>
@@ -114,23 +114,23 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.sonatype.plexus</groupId>
+      <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-sec-dispatcher</artifactId>
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.sonatype.plexus</groupId>
+      <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-cipher</artifactId>
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.eclipse.aether</groupId>
-      <artifactId>aether-connector-basic</artifactId>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-connector-basic</artifactId>
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.eclipse.aether</groupId>
-      <artifactId>aether-transport-wagon</artifactId>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-transport-wagon</artifactId>
       <scope>provided</scope>
     </dependency>
     <dependency>
@@ -143,11 +143,6 @@
       <artifactId>wagon-provider-api</artifactId>
       <scope>provided</scope>
     </dependency>
-    <dependency>
-      <groupId>org.apache.maven.wagon</groupId>
-      <artifactId>wagon-http-lightweight</artifactId>
-      <scope>provided</scope>
-    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
diff --git a/pom.xml b/pom.xml
index c6cc7bfd9..7cbd54fff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -56,11 +56,9 @@
     <version.rxjava>1.2.4</version.rxjava>
     <version.owm>2.5.2.2</version.owm>
     <version.commons.net>3.6</version.commons.net>
-    <version.maven.embedder>3.3.3</version.maven.embedder>
     <version.wildfly.maven.plugin>1.2.1.Final</version.wildfly.maven.plugin>
     <version.war.plugin>3.2.2</version.war.plugin>
     <version.apache.commons.io>2.5</version.apache.commons.io>
-    <version.maven.model>3.3.9</version.maven.model>
     <version.jslack>1.1.4</version.jslack>
     <version.org.xhtmlrenderer>9.1.15</version.org.xhtmlrenderer>
     <version.bouncycastle>1.67</version.bouncycastle>
@@ -472,41 +470,6 @@
         <artifactId>commons-net</artifactId>
         <version>${version.commons.net}</version>
       </dependency>
-      <dependency>
-        <groupId>org.apache.maven</groupId>
-        <artifactId>maven-embedder</artifactId>
-        <version>${version.maven.embedder}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.eclipse.aether</groupId>
-        <artifactId>aether-connector-basic</artifactId>
-        <version>${version.org.eclipse.aether}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.eclipse.aether</groupId>
-        <artifactId>aether-transport-wagon</artifactId>
-        <version>${version.org.eclipse.aether}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.maven.wagon</groupId>
-        <artifactId>wagon-http</artifactId>
-        <version>${version.org.apache.maven.wagon}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.maven.wagon</groupId>
-        <artifactId>wagon-provider-api</artifactId>
-        <version>${version.org.apache.maven.wagon}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.maven.wagon</groupId>
-        <artifactId>wagon-http-lightweight</artifactId>
-        <version>${version.org.apache.maven.wagon}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.maven</groupId>
-        <artifactId>maven-model</artifactId>
-        <version>${version.maven.model}</version>
-      </dependency>
       <dependency>
         <groupId>com.github.taycaldwell</groupId>
         <artifactId>riot-api-java</artifactId>