devonfw#103: some fixes

fixed pom versions
applied reformat

cli/pom.xml

@@ -58,12 +58,10 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>2.0.3</version>
     </dependency>
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.4.7</version>
     </dependency>
     <!-- Needed for WireMock test support -->
     <dependency>

pom.xml

@@ -20,15 +20,32 @@
     <github.repository>IDEasy</github.repository>
     <ide_version>${revision}</ide_version>
     <owasp.version>9.0.9</owasp.version>
+    <slf4j.version>2.0.3</slf4j.version>
+    <logback.version>1.4.7</logback.version>
   </properties>
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+        <version>${slf4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-core</artifactId>
         <version>${owasp.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.devonfw.tools.IDEasy</groupId>
+        <artifactId>ide-cli</artifactId>
+        <version>${revision}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

security/pom.xml

@@ -2,25 +2,38 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>com.devonfw.tools.IDEasy.dev</groupId>
-        <artifactId>ide</artifactId>
-        <version>dev-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>ide-security</artifactId>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>com.devonfw.tools.IDEasy.dev</groupId>
+    <artifactId>ide</artifactId>
+    <version>dev-SNAPSHOT</version>
+  </parent>
 
-    <dependencies>
-        <!-- Other configurations and properties -->
-        <dependency>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.devonfw.tools.IDEasy</groupId>
-            <artifactId>ide-cli</artifactId>
-        </dependency>
-    </dependencies>
+  <artifactId>ide-security</artifactId>
+
+  <properties>
+    <java.version>17</java.version>
+  </properties>
+
+  <dependencies>
+    <!-- Other configurations and properties -->
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.logback</groupId>
+      <artifactId>logback-classic</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.owasp</groupId>
+      <artifactId>dependency-check-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.devonfw.tools.IDEasy</groupId>
+      <artifactId>ide-cli</artifactId>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
 
 </project>

security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java

@@ -12,19 +12,6 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import com.devonfw.tools.ide.context.AbstractIdeContext;
-import com.devonfw.tools.ide.context.IdeContext;
-import com.devonfw.tools.ide.context.IdeContextConsole;
-import com.devonfw.tools.ide.log.IdeLogLevel;
-import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile;
-import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning;
-import com.devonfw.tools.ide.url.model.folder.UrlVersion;
-import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
-import com.devonfw.tools.ide.url.updater.UpdateManager;
-import com.devonfw.tools.ide.util.MapUtil;
-import com.devonfw.tools.ide.version.BoundaryType;
-import com.devonfw.tools.ide.version.VersionIdentifier;
-import com.devonfw.tools.ide.version.VersionRange;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.AbstractAnalyzer;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
@@ -55,6 +42,20 @@
 import org.owasp.dependencycheck.utils.Pair;
 import org.owasp.dependencycheck.utils.Settings;
 
+import com.devonfw.tools.ide.context.AbstractIdeContext;
+import com.devonfw.tools.ide.context.IdeContext;
+import com.devonfw.tools.ide.context.IdeContextConsole;
+import com.devonfw.tools.ide.log.IdeLogLevel;
+import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile;
+import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning;
+import com.devonfw.tools.ide.url.model.folder.UrlVersion;
+import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
+import com.devonfw.tools.ide.url.updater.UpdateManager;
+import com.devonfw.tools.ide.util.MapUtil;
+import com.devonfw.tools.ide.version.BoundaryType;
+import com.devonfw.tools.ide.version.VersionIdentifier;
+import com.devonfw.tools.ide.version.VersionRange;
+
 /**
  * This class is used to build the {@link UrlSecurityJsonFile} files for IDEasy. It scans the
  * {@link AbstractIdeContext#getUrlsPath() ide-url} folder for all tools, editions and versions and checks for
@@ -85,6 +86,7 @@ public class BuildSecurityJsonFiles {
   private static BigDecimal minV3Severity = new BigDecimal("0.0");
 
   private static final Set<String> actuallyIgnoredCves = new HashSet<>();
+
   private static final IdeContext context = new IdeContextConsole(IdeLogLevel.INFO, null, false);;
 
   /**
@@ -342,7 +344,7 @@ private static String getUrlVersion(String cpeVersion, Map<String, String> cpeTo
 
     String urlVersion = null;
     if (cpeVersion != null) {
-      if (cpeToUrlVersion!= null && cpeToUrlVersion.containsKey(cpeVersion)) {
+      if (cpeToUrlVersion != null && cpeToUrlVersion.containsKey(cpeVersion)) {
         urlVersion = cpeToUrlVersion.get(cpeVersion);
       } else {
         urlVersion = urlUpdater.mapCpeVersionToUrlVersion(cpeVersion);