From ed8a7f56eebef668d53f2f4582d65bf152c6b933 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 27 May 2022 22:20:49 +0000
Subject: [PATCH] fix: pom.xml & digidoc4j/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508
---
 digidoc4j/pom.xml | 32 +++++++++++---------------------
 pom.xml           |  2 +-
 2 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/digidoc4j/pom.xml b/digidoc4j/pom.xml
index 7e692c3dd..faba72f7a 100644
--- a/digidoc4j/pom.xml
+++ b/digidoc4j/pom.xml
@@ -25,7 +25,7 @@
         <logback-classic.version>1.2.3</logback-classic.version>
         <junit.version>4.13.1</junit.version>
         <dss.groupId>org.digidoc4j.dss</dss.groupId>
-        <dss.version>5.7.d4j.1</dss.version>
+        <dss.version>5.9.d4j.1</dss.version>
         <dss.util.build>${project.build.directory}/build/util</dss.util.build>
         <dss.util.lib>${project.build.directory}/library/util</dss.util.lib>
         <dss.zip.lib>${project.build.directory}/library/zip</dss.zip.lib>
@@ -43,7 +43,7 @@
         <dependency>
             <artifactId>ddoc4j</artifactId>
             <groupId>org.digidoc4j</groupId>
-            <version>4.1.0-RC.1</version>
+            <version>4.2.1</version>
         </dependency>
 
         <dependency>
@@ -515,21 +515,16 @@
                         <configuration>
                             <target>
                                 <jar jarfile="${dss.util.build}/temp.jar">
-                                    <zipgroupfileset dir="${dss.util.lib}"
-                                                     includes="**/dss*.jar **/validation-policy*.jar"/>
+                                    <zipgroupfileset dir="${dss.util.lib}" includes="**/dss*.jar **/validation-policy*.jar"/>
                                     <zipgroupfileset dir="${dss.util.lib}" includes="**/*.jar" excludes="bcprov-*.jar"/>
-                                    <zipgroupfileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar"
-                                                     excludes="*-javadoc.jar *-sources.jar"/>
-                                    <zipgroupfileset dir="${project.build.directory}"
-                                                     includes="**/logback-*.jar"/>
+                                    <zipgroupfileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar" excludes="*-javadoc.jar *-sources.jar"/>
+                                    <zipgroupfileset dir="${project.build.directory}" includes="**/logback-*.jar"/>
                                 </jar>
                                 <jar destfile="${dss.util.build}/digidoc4j-util.jar">
-                                    <zipfileset src="${dss.util.build}/temp.jar"
-                                                excludes="META-INF/*.SF META-INF/*.RSA META-INF/*.DSA"/>
+                                    <zipfileset src="${dss.util.build}/temp.jar" excludes="META-INF/*.SF META-INF/*.RSA META-INF/*.DSA"/>
                                     <manifest>
                                         <attribute name="Built-By" value="${user.name}"/>
-                                        <attribute name="Implementation-Vendor"
-                                                   value="Republic of Estonia Information System Authority"/>
+                                        <attribute name="Implementation-Vendor" value="Republic of Estonia Information System Authority"/>
                                         <attribute name="Implementation-Title" value="Java BDoc/DigiDoc utility"/>
                                         <attribute name="Implementation-Version" value="${project.version}"/>
                                         <attribute name="Main-Class" value="org.digidoc4j.main.DigiDoc4J"/>
@@ -544,9 +539,7 @@
                                 <copy todir="${dss.util.build}/">
                                     <fileset dir="${project.basedir}/src/main/etc" includes="*.xml"/>
                                 </copy>
-                                <zip
-                                    destfile="${project.build.directory}/${project.artifactId}-${project.version}-util.zip"
-                                    basedir="${dss.util.build}"/>
+                                <zip destfile="${project.build.directory}/${project.artifactId}-${project.version}-util.zip" basedir="${dss.util.build}"/>
                                 <copy tofile="${project.build.directory}/${project.artifactId}-${project.version}.pom">
                                     <fileset dir="${project.basedir}" includes="**/pom.xml"/>
                                 </copy>
@@ -561,13 +554,10 @@
                         <phase>install</phase>
                         <configuration>
                             <target>
-                                <jar
-                                    jarfile="${project.build.directory}/${project.artifactId}-${project.version}-bundle.jar">
-                                    <fileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar"
-                                             excludes="*-library.jar"/>
+                                <jar jarfile="${project.build.directory}/${project.artifactId}-${project.version}-bundle.jar">
+                                    <fileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar" excludes="*-library.jar"/>
                                     <fileset dir="${project.build.directory}" includes="**/*.pom"/>
-                                    <fileset dir="${project.build.directory}" includes="**/*.asc"
-                                             excludes="*-library.*.asc"/>
+                                    <fileset dir="${project.build.directory}" includes="**/*.asc" excludes="*-library.*.asc"/>
                                 </jar>
                             </target>
                         </configuration>
diff --git a/pom.xml b/pom.xml
index f9385561e..854120a50 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@
         <maven.compiler.target>1.8</maven.compiler.target>
         <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
         <slf4j.version>1.7.30</slf4j.version>
-        <bouncycastle.version>1.65</bouncycastle.version>
+        <bouncycastle.version>1.69</bouncycastle.version>
         <javadocOpt>none</javadocOpt>
     </properties>