Description
While trying to run the plugin in an enterprise environment with `mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.activeRecipes=org.openrewrite.java.testing.junit5.JUnit4to5Migration`, the build fails because rewrite-maven is pulling `com.google.errorprone:error_prone_core:jar:with-dependencies:2.10.0`, which is not secure due to CVE-2022-3509.
I am aware that this is likely not exploitable here, but unfortunately that is not enough justification in my environment.
It seems that this might be a transitive dependency because I do not see it in the pom explicitly, but I only looked superficially. In any case, we should try upgrading it and/or removing it from the final artifact, as it makes the plugin vulnerable as well.
The latest version of Error Prone is 2.19.1.