From a0c0f7967235cde3e21eb8fcbdc28bce7e2a37af Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 20 Sep 2021 22:42:49 +0000
Subject: [PATCH] fix: digidoc4j/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-1655558
---
 digidoc4j/pom.xml | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)

diff --git a/digidoc4j/pom.xml b/digidoc4j/pom.xml
index 7e692c3dd..64ae34d68 100644
--- a/digidoc4j/pom.xml
+++ b/digidoc4j/pom.xml
@@ -92,7 +92,7 @@
         <dependency>
             <groupId>org.apache.santuario</groupId>
             <artifactId>xmlsec</artifactId>
-            <version>2.1.5</version>
+            <version>2.1.7</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.codehaus.woodstox</groupId>
@@ -515,21 +515,16 @@
                         <configuration>
                             <target>
                                 <jar jarfile="${dss.util.build}/temp.jar">
-                                    <zipgroupfileset dir="${dss.util.lib}"
-                                                     includes="**/dss*.jar **/validation-policy*.jar"/>
+                                    <zipgroupfileset dir="${dss.util.lib}" includes="**/dss*.jar **/validation-policy*.jar"/>
                                     <zipgroupfileset dir="${dss.util.lib}" includes="**/*.jar" excludes="bcprov-*.jar"/>
-                                    <zipgroupfileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar"
-                                                     excludes="*-javadoc.jar *-sources.jar"/>
-                                    <zipgroupfileset dir="${project.build.directory}"
-                                                     includes="**/logback-*.jar"/>
+                                    <zipgroupfileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar" excludes="*-javadoc.jar *-sources.jar"/>
+                                    <zipgroupfileset dir="${project.build.directory}" includes="**/logback-*.jar"/>
                                 </jar>
                                 <jar destfile="${dss.util.build}/digidoc4j-util.jar">
-                                    <zipfileset src="${dss.util.build}/temp.jar"
-                                                excludes="META-INF/*.SF META-INF/*.RSA META-INF/*.DSA"/>
+                                    <zipfileset src="${dss.util.build}/temp.jar" excludes="META-INF/*.SF META-INF/*.RSA META-INF/*.DSA"/>
                                     <manifest>
                                         <attribute name="Built-By" value="${user.name}"/>
-                                        <attribute name="Implementation-Vendor"
-                                                   value="Republic of Estonia Information System Authority"/>
+                                        <attribute name="Implementation-Vendor" value="Republic of Estonia Information System Authority"/>
                                         <attribute name="Implementation-Title" value="Java BDoc/DigiDoc utility"/>
                                         <attribute name="Implementation-Version" value="${project.version}"/>
                                         <attribute name="Main-Class" value="org.digidoc4j.main.DigiDoc4J"/>
@@ -544,9 +539,7 @@
                                 <copy todir="${dss.util.build}/">
                                     <fileset dir="${project.basedir}/src/main/etc" includes="*.xml"/>
                                 </copy>
-                                <zip
-                                    destfile="${project.build.directory}/${project.artifactId}-${project.version}-util.zip"
-                                    basedir="${dss.util.build}"/>
+                                <zip destfile="${project.build.directory}/${project.artifactId}-${project.version}-util.zip" basedir="${dss.util.build}"/>
                                 <copy tofile="${project.build.directory}/${project.artifactId}-${project.version}.pom">
                                     <fileset dir="${project.basedir}" includes="**/pom.xml"/>
                                 </copy>
@@ -561,13 +554,10 @@
                         <phase>install</phase>
                         <configuration>
                             <target>
-                                <jar
-                                    jarfile="${project.build.directory}/${project.artifactId}-${project.version}-bundle.jar">
-                                    <fileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar"
-                                             excludes="*-library.jar"/>
+                                <jar jarfile="${project.build.directory}/${project.artifactId}-${project.version}-bundle.jar">
+                                    <fileset dir="${project.build.directory}" includes="**/digidoc4j-*.jar" excludes="*-library.jar"/>
                                     <fileset dir="${project.build.directory}" includes="**/*.pom"/>
-                                    <fileset dir="${project.build.directory}" includes="**/*.asc"
-                                             excludes="*-library.*.asc"/>
+                                    <fileset dir="${project.build.directory}" includes="**/*.asc" excludes="*-library.*.asc"/>
                                 </jar>
                             </target>
                         </configuration>