Upgrade dependencies to address vulnerabilities

README.md

@@ -1,6 +1,6 @@
 # Elasticsearch Maven Plugin [![Java CI with Maven](https://github.com/alexcojocaru/elasticsearch-maven-plugin/actions/workflows/maven.yml/badge.svg)](https://github.com/alexcojocaru/elasticsearch-maven-plugin/actions/workflows/maven.yml)
 
-A Maven 3.1+ plugin to run instances of Elasticsearch version 5+ during the integration test phase of a build.
+A Maven plugin to run instances of Elasticsearch version 5+ during the integration test phase of a build.
 Instances are started in forked processes using the **runforked** goal.
 They are terminated using the **stop** goal and, for extra peace of mind, using a JVM shutdown hook.
 
@@ -14,8 +14,7 @@ For Elasticsearch version 1.x.x and 2.x.x support, see version 1.x and 2.x of th
 _NB: There was a license conflict with one of the project files, which was fixed in version 6.26 of the plugin.
 See [this discussion](https://github.com/alexcojocaru/elasticsearch-maven-plugin/issues/151) for details._
 
-_NB: Because the plugin uses the new [Eclipse based Aether framework](https://www.eclipse.org/aether/), it only works with Maven 3.1.0 and above.
-See [this discussion](https://github.com/alexcojocaru/elasticsearch-maven-plugin/issues/28) for details._
+_NB: Because the plugin uses the new [Apache Maven Artifact Resolver](https://maven.apache.org/resolver/), it only works with Maven 3.9.x and above._
 
 ## Usage
 The Elasticsearch behaviour and properties can be configured through the following plugin configuration parameters:
@@ -121,7 +120,7 @@ To use the plugin, include the following in your _pom.xml_ file and modify the c
         THE PLUGIN VERSION; FOR THE LIST OF AVAILABLE VERSIONS, SEE
         https://github.com/alexcojocaru/elasticsearch-maven-plugin/releases
     -->
-    <version>6.26</version>
+    <version>6.27</version>
     <configuration>
         <!-- THE ELASTICSEARCH VERSION; REPLACE WITH THE VERSION YOU NEED -->
         <version>7.2.0</version>
@@ -166,7 +165,7 @@ The way to define environment variables is as follows:
 <plugin>
     <groupId>com.github.alexcojocaru</groupId>
     <artifactId>elasticsearch-maven-plugin</artifactId>
-    <version>6.26</version>
+    <version>6.27</version>
     <configuration>
         <clusterName>test</clusterName>
         <transportPort>9300</transportPort>
@@ -197,7 +196,7 @@ The way to enable plugins is as follows:
 <plugin>
     <groupId>com.github.alexcojocaru</groupId>
     <artifactId>elasticsearch-maven-plugin</artifactId>
-    <version>6.26</version>
+    <version>6.27</version>
     <configuration>
         <clusterName>test</clusterName>
         <transportPort>9300</transportPort>
@@ -246,7 +245,7 @@ Example:
 <plugin>
     <groupId>com.github.alexcojocaru</groupId>
     <artifactId>elasticsearch-maven-plugin</artifactId>
-    <version>6.26</version>
+    <version>6.27</version>
     <configuration>
         ...
         <instanceCount>2</instanceCount>
@@ -440,7 +439,7 @@ Then just tell the elasticsearch-maven-plugin to use the local URI.
 <plugin>
     <groupId>com.github.alexcojocaru</groupId>
     <artifactId>elasticsearch-maven-plugin</artifactId>
-    <version>6.26</version>
+    <version>6.27</version>
     <configuration>
         <version>5.4.2</version>
         <plugins>

pom.xml

@@ -53,8 +53,8 @@
         <!-- since ES 5+ requires Java 8, use that on the plugin too -->
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <maven.version>3.2.5</maven.version>
-        <aether.version>1.1.0</aether.version>
+        <maven.version>3.9.5</maven.version>
+        <maven.resolver.version>1.9.16</maven.resolver.version>
         <integrationTest>*</integrationTest>
         <!--
             this is set by Travis to true in the pre-run
@@ -91,9 +91,15 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>org.eclipse.aether</groupId>
-            <artifactId>aether-api</artifactId>
-            <version>${aether.version}</version>
+            <groupId>org.apache.maven.resolver</groupId>
+            <artifactId>maven-resolver-api</artifactId>
+            <version>${maven.resolver.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.resolver</groupId>
+            <artifactId>maven-resolver-spi</artifactId>
+            <version>${maven.resolver.version}</version>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -111,11 +117,6 @@
             <artifactId>commons-io</artifactId>
             <version>2.11.0</version>
         </dependency>
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <version>31.0.1-jre</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
@@ -134,7 +135,7 @@
         <dependency>
             <groupId>org.codehaus.plexus</groupId>
             <artifactId>plexus-archiver</artifactId>
-            <version>4.6.1</version>
+            <version>4.8.0</version>
         </dependency>
         <dependency>
             <groupId>org.awaitility</groupId>
@@ -161,12 +162,6 @@
             <version>${maven.version}</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.maven</groupId>
-            <artifactId>maven-aether-provider</artifactId>
-            <version>${maven.version}</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/github/alexcojocaru/mojo/elasticsearch/v2/ElasticsearchArtifact.java

@@ -1,5 +1,9 @@
 package com.github.alexcojocaru.mojo.elasticsearch.v2;
 
+import java.util.Arrays;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.SystemUtils;
 
@@ -31,10 +35,10 @@ public String getType()
 
     public String buildBundleFilename()
     {
-        return Joiner
-                .on("-")
-                .skipNulls()
-                .join(getArtifactId(), getVersion(), getClassifier() /* May be null */)
+        return Arrays.asList(getArtifactId(), getVersion(), getClassifier())
+                .stream()
+                .filter(Objects::nonNull)
+                .collect(Collectors.joining("-"))
                 + "." + getType();
     }
 

src/main/java/com/github/alexcojocaru/mojo/elasticsearch/v2/configuration/Artifacts.java

@@ -15,9 +15,12 @@
  */
 package com.github.alexcojocaru.mojo.elasticsearch.v2.configuration;
 
+import java.util.Objects;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+
 import com.github.alexcojocaru.mojo.elasticsearch.v2.AbstractArtifact;
-import com.google.common.base.Splitter;
-import com.google.common.collect.Iterables;
 
 /**
  * Copied from the t7mp project.
@@ -42,9 +45,12 @@ private Artifacts()
 
     public static AbstractArtifact fromCoordinates(String coordinates)
     {
-        Iterable<String> splitted =
-                Splitter.on(':').omitEmptyStrings().trimResults().split(coordinates);
-        String[] strings = Iterables.toArray(splitted, String.class);
+        String[] strings = Pattern
+                .compile(":")
+                .splitAsStream(StringUtils.trimToEmpty(coordinates))
+                .map(StringUtils::trimToNull)
+                .filter(Objects::nonNull)
+                .toArray(String[]::new);
         if (strings.length < THREE || strings.length > FIVE)
         {
             throw new InvalidCoordinatesException(coordinates);