Update sshd-core to 1.3.0 #36

Merged
merged 4 commits into from Jun 29, 2020

Conversation

MRamonLeon
Contributor

Update sshd-core library to avoid a dependency vulnerability. It's not exploitable, but it shows up on every security scan.

Member

@jglick jglick left a comment


<pluginFirstClassLoader>true</pluginFirstClassLoader>
but note that this execution mode is untested AFAIK.

@jglick
Member

jglick commented May 26, 2020

Plugin needs a maintainer; there are a bunch of open PRs that are conflicting and need various degrees of cleanup and manual testing.

@MRamonLeon
Contributor Author

> Plugin needs a maintainer; there are a bunch of open PRs that are conflicting and need various degrees of cleanup and manual testing.

WDYM @jglick? We need to manually test or run PCT?

@jglick
Member

jglick commented May 27, 2020

> We need to manually test or run PCT?

Manually test using an actual *.hpi since this uses pluginFirstClassLoader so JenkinsRule would not exercise the nondefault modes realistically even if you figured out how to use docker-fixtures to simulate an agent lacking an ssh-agent executable; or finally rip out these modes which are hard to support and just leave in the simple native executable mode.

Member

@alecharp alecharp left a comment


Looks good, just a new class import but I don't see any usage for it.

@MRamonLeon
Contributor Author

I've run the ATH Test: https://github.com/jenkinsci/acceptance-test-harness/blob/14b831e4a5ff43f8eb03fe1029779785e510049f/src/test/java/plugins/WorkflowPluginTest.java#L216-L263 successfully with the new version. Command line:

ssh-agent.hpi is this version.

export LOCAL_JARS=ssh-agent.hpi; run.sh firefox latest -DforkCount=1 -Dmaven.test.failure.ignore=true -B -Dtest=WorkflowPluginTest#sshGitInsideDocker
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running plugins.WorkflowPluginTest
...
INFO: Plugin ssh-agent@1.20-SNAPSHOT (private-5fc21a1f-rleon) is installed
...
INFO: Jenkins is stopped
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 123.33 s - in plugins.WorkflowPluginTest
2020-06-26 15:04:44,877 [LittleProxy-JVM-shutdown-hook] INFO   (DefaultHttpProxyServer.java:436) org.littleshoot.proxy.impl.DefaultHttpProxyServer - Shutting down proxy server immediately (non-graceful)
2020-06-26 15:04:44,878 [LittleProxy-JVM-shutdown-hook] INFO   (DefaultHttpProxyServer.java:469) org.littleshoot.proxy.impl.DefaultHttpProxyServer - Closing all channels (non-graceful)
2020-06-26 15:04:44,883 [LittleProxy-JVM-shutdown-hook] INFO   (ServerGroup.java:212) org.littleshoot.proxy.impl.ServerGroup - Shutting down server group event loops (non-graceful)
2020-06-26 15:04:44,885 [LittleProxy-JVM-shutdown-hook] INFO   (DefaultHttpProxyServer.java:450) org.littleshoot.proxy.impl.DefaultHttpProxyServer - Done shutting down proxy server
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  02:15 min
[INFO] Finished at: 2020-06-26T15:04:45Z
[INFO] ------------------------------------------------------------------------

@MRamonLeon MRamonLeon merged commit c44abba into jenkinsci:master Jun 29, 2020
@MRamonLeon MRamonLeon deleted the sshd-core-update branch June 29, 2020 07:07