Require Jenkins 2.479.1 and Jakarta EE 9 (#170)

Co-authored-by: strangelookingnerd <[email protected]>

Author: strangelookingnerd

pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>4.88</version>
+        <version>5.7</version>
     </parent>
     <artifactId>dependency-check-jenkins-plugin</artifactId>
     <name>OWASP Dependency-Check Plugin</name>
@@ -15,7 +15,7 @@
     <inceptionYear>2012</inceptionYear>
     <organization>
         <name>OWASP</name>
-        <url>http://www.owasp.org</url>
+        <url>https://www.owasp.org</url>
     </organization>
 
     <scm>
@@ -47,7 +47,7 @@
     <licenses>
         <license>
             <name>Apache-2.0</name>
-            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
         </license>
     </licenses>
 
@@ -80,9 +80,10 @@
         <revision>5.6.1</revision>
         <changelist>-SNAPSHOT</changelist>
         <gitHubRepo>jenkinsci/dependency-check-plugin</gitHubRepo>
-        <jenkins.version>2.462.3</jenkins.version>
-        <jenkins-plugins-bom.artifactId>bom-2.462.x</jenkins-plugins-bom.artifactId>
-        <jenkins-plugins-bom.version>3850.vb_c5319efa_e29</jenkins-plugins-bom.version>
+        <!-- https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/ -->
+        <jenkins.baseline>2.479</jenkins.baseline>
+        <jenkins.version>${jenkins.baseline}.1</jenkins.version>
+        <jenkins-plugins-bom.version>4051.v78dce3ce8b_d6</jenkins-plugins-bom.version>
 
         <assertj.version>3.27.0</assertj.version>
         <checkstyle.version>10.21.1</checkstyle.version>
@@ -92,7 +93,7 @@
         <dependencies>
             <dependency>
                 <groupId>io.jenkins.tools.bom</groupId>
-                <artifactId>${jenkins-plugins-bom.artifactId}</artifactId>
+                <artifactId>bom-${jenkins.baseline}.x</artifactId>
                 <version>${jenkins-plugins-bom.version}</version>
                 <scope>import</scope>
                 <type>pom</type>

src/main/java/org/jenkinsci/plugins/DependencyCheck/AbstractThresholdPublisher.java

@@ -18,6 +18,8 @@
 import hudson.tasks.Recorder;
 import org.jenkinsci.plugins.DependencyCheck.model.Thresholds;
 import org.kohsuke.stapler.DataBoundSetter;
+
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -28,6 +30,7 @@
  */
 public abstract class AbstractThresholdPublisher extends Recorder implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 5849869400487825164L;
 
     private Integer unstableTotalCritical;

src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckPublisher.java

@@ -31,6 +31,7 @@
 import hudson.tasks.Publisher;
 import java.io.IOException;
 import java.io.PrintStream;
+import java.io.Serial;
 import java.lang.reflect.InvocationTargetException;
 import java.util.List;
 import jenkins.tasks.SimpleBuildStep;
@@ -57,6 +58,7 @@
  */
 public class DependencyCheckPublisher extends AbstractThresholdPublisher implements SimpleBuildStep {
 
+    @Serial
     private static final long serialVersionUID = -3849031519263613214L;
     private static final Logger LOGGER = LoggerFactory.getLogger(DependencyCheckPublisher.class);
     private static final String DEFAULT_PATTERN = "**/dependency-check-report.xml";
@@ -219,7 +221,7 @@ public DescriptorImpl() {
         }
 
         @Override
-        public boolean isApplicable(@SuppressWarnings("rawtypes") Class<? extends AbstractProject> aClass) {
+        public boolean isApplicable(Class<? extends AbstractProject> aClass) {
             return true; // as specified in jenkins.tasks.SimpleBuildStep
         }
 

src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckToolBuilder.java

@@ -21,6 +21,7 @@
 import static org.apache.commons.lang3.StringUtils.trimToEmpty;
 
 import java.io.IOException;
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.List;
@@ -86,6 +87,7 @@
  */
 public class DependencyCheckToolBuilder extends Builder implements SimpleBuildStep, Serializable {
 
+    @Serial
     private static final long serialVersionUID = 4267818809512542424L;
 
     private final String odcInstallation;
@@ -363,7 +365,7 @@ public DependencyCheckInstallation[] getInstallations() {
         }
 
         @Override
-        public boolean isApplicable(@SuppressWarnings("rawtypes") Class<? extends AbstractProject> jobType) {
+        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
             return true;
         }
 

src/main/java/org/jenkinsci/plugins/DependencyCheck/ResultAction.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck;
 
+import java.io.Serial;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -44,6 +45,7 @@
  */
 public class ResultAction extends BuildAction<DependencyCheckBuildResult> {
 
+    @Serial
     private static final long serialVersionUID = -6533677178186658819L;
 
     public ResultAction(final Run<?, ?> owner, List<Finding> findings, SeverityDistribution severityDistribution) {

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Analysis.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -29,6 +30,7 @@
  */
 public class Analysis implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -3444323586874857295L;
 
     private ScanInfo scanInfo;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/CvssV2.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class CvssV2 implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -3093529837834374013L;
 
     private String score;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/CvssV3.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class CvssV3 implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 9178656430054916373L;
 
     private String baseScore;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Dependency.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
@@ -28,6 +29,7 @@
  */
 public class Dependency implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 1670679619302610671L;
 
     private String fileName;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Finding.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Objects;
 
@@ -26,6 +27,7 @@
  */
 public class Finding implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 2916981097517354202L;
 
     private int count;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/ProjectInfo.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class ProjectInfo implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -5430373059282763210L;
 
     private String name;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Reference.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class Reference implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -3633944367025966152L;
 
     private String source;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/RiskGate.java

@@ -16,6 +16,8 @@
 package org.jenkinsci.plugins.DependencyCheck.model;
 
 import hudson.model.Result;
+
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -26,6 +28,7 @@
  */
 public class RiskGate implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 171256230735670985L;
 
     private Thresholds thresholds;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/ScanInfo.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class ScanInfo implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -8845107789941894310L;
 
     private String engineVersion;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Severity.java

@@ -33,19 +33,13 @@ public static Severity normalize(String severity) {
         if (severity == null) {
             return Severity.UNASSIGNED;
         }
-        switch (severity.toUpperCase()) {
-        case "CRITICAL":
-            return Severity.CRITICAL;
-        case "HIGH":
-            return Severity.HIGH;
-        case "MEDIUM":
-            return Severity.MEDIUM;
-        case "MODERATE":
-            return Severity.MEDIUM;
-        case "LOW":
-            return Severity.LOW;
-        default:
-            return Severity.UNASSIGNED;
-        }
+        return switch (severity.toUpperCase()) {
+        case "CRITICAL" -> Severity.CRITICAL;
+        case "HIGH" -> Severity.HIGH;
+        case "MEDIUM" -> Severity.MEDIUM;
+        case "MODERATE" -> Severity.MEDIUM;
+        case "LOW" -> Severity.LOW;
+        default -> Severity.UNASSIGNED;
+        };
     }
 }

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/SeverityDistribution.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class SeverityDistribution implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -8061827374550831502L;
 
     private int buildNumber;

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Thresholds.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 
 /**
@@ -25,6 +26,7 @@
  */
 public class Thresholds implements Serializable {
     public static class TotalFindings implements Serializable {
+        @Serial
         private static final long serialVersionUID = 1L;
 
         public Integer unstableCritical;
@@ -39,6 +41,7 @@ public static class TotalFindings implements Serializable {
     }
 
     public static class NewFindings implements Serializable {
+        @Serial
         private static final long serialVersionUID = 1L;
 
         public Integer unstableCritical;
@@ -52,6 +55,7 @@ public static class NewFindings implements Serializable {
         public boolean limitToAnalysisExploitable;
     }
 
+    @Serial
     private static final long serialVersionUID = -6489027153777053306L;
 
     public final TotalFindings totalFindings = new TotalFindings();

src/main/java/org/jenkinsci/plugins/DependencyCheck/model/Vulnerability.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.model;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
@@ -28,6 +29,7 @@
  */
 public class Vulnerability implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = 2146048369342617342L;
 
     public enum Source {

src/main/java/org/jenkinsci/plugins/DependencyCheck/pipeline/DependencyCheckStep.java

@@ -15,6 +15,7 @@
  */
 package org.jenkinsci.plugins.DependencyCheck.pipeline;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Set;
 
@@ -36,6 +37,7 @@
 
 public class DependencyCheckStep extends Step implements Serializable {
 
+    @Serial
     private static final long serialVersionUID = -251474850582356300L;
 
     private String pattern;

src/main/java/org/jenkinsci/plugins/DependencyCheck/pipeline/DependencyCheckStepExecutor.java

@@ -30,8 +30,11 @@
 import hudson.model.Run;
 import hudson.model.TaskListener;
 
+import java.io.Serial;
+
 public class DependencyCheckStepExecutor extends SynchronousNonBlockingStepExecution<Void> {
 
+    @Serial
     private static final long serialVersionUID = -8209320657657318589L;
 
     private DependencyCheckStep step;