Merge pull request #3931 from gchq/3930-dependencies

Issue 3930 - Tidy dependencies

NOTICES

@@ -45,7 +45,7 @@ Snappy Java (org.xerial.snappy:snappy-java:1.*)
 
 - Apache License, Version 2.0
 
-Aircompressor (io.airlift:aircompressor:0.*)
+Aircompressor (io.airlift:aircompressor:2.*)
 
 - Apache License, Version 2.0
 
@@ -254,10 +254,6 @@ Eclipse Jetty (org.eclipse.jetty:*:9.*, org.eclipse.jetty.http2:*:9.*, org.eclip
 - Apache License, Version 2.0
 - Eclipse Public License 1.0
 
-Jettison (org.codehaus.jettison:jettison:1.*)
-
-- Apache License, Version 2.0
-
 JSON Path (com.jayway.jsonpath:json-path:2.*)
 
 - Apache License, Version 2.0

java/build/src/main/java/sleeper/build/notices/NoticeDeclaration.java

@@ -32,6 +32,7 @@ public static List<NoticeDeclaration> findDeclarations(String notices) {
         int number = 0;
         while (matcher.find()) {
             matches.add(NoticeDeclaration.from(number, matcher.group(), matcher.group(1), matcher.group(2), matcher.group(3)));
+            number++;
         }
         return matches;
     }

java/build/src/test/java/sleeper/build/notices/CheckNoticesTest.java

@@ -127,4 +127,17 @@ void shouldFindExtraNoticeNotInDependencies() {
         assertThat(CheckNotices.findProblemsInNotices(notices, versions))
                 .containsExactly("Dependency not present in pom.xml: org.junit.jupiter:junit-jupiter-*:5.*");
     }
+
+    @Test
+    void shouldFindOneOfTwoNoticesNotInDependencies() {
+        String notices = """
+                JUnit (org.junit.jupiter:junit-jupiter-*:5.*)
+                Jettison (org.codehaus.jettison:jettison:1.*)
+                """;
+        DependencyVersions versions = DependencyVersions.builder()
+                .dependency("org.junit.jupiter", "junit-jupiter-api", "5.11.3")
+                .build();
+        assertThat(CheckNotices.findProblemsInNotices(notices, versions))
+                .containsExactly("Dependency not present in pom.xml: org.codehaus.jettison:jettison:1.*");
+    }
 }

java/pom.xml

@@ -92,8 +92,8 @@
         We were getting multiple versions added to the classpath, and they both have vulnerabilities.
         -->
         <snappy.version>1.1.10.7</snappy.version>
-        <!-- Parquet declares an old version of Aircompressor with vulnerabilities. Managed from 0.21. -->
-        <aircompressor.version>0.27</aircompressor.version>
+        <!-- Parquet uses Aircompressor. -->
+        <aircompressor.version>2.0.2</aircompressor.version>
         <!-- Hadoop declares an old version of Protobuf with vulnerabilities. Managed from 3.23.4. -->
         <protobuf.version>4.29.1</protobuf.version>
         <!-- Hadoop declares an old version of Nimbus with vulnerabilities. Managed from 9.8.1. -->
@@ -167,9 +167,6 @@
         <!-- Versions of Jetty and its dependencies are managed because WireMock and Hadoop use different versions. -->
         <!-- We want to avoid mixing them but they should be compatible. -->
         <jetty.version>9.4.56.v20240826</jetty.version>
-        <jettison.version>1.5.4</jettison.version>
-        <json-path.version>2.9.0</json-path.version>
-        <xmlunit.version>2.10.0</xmlunit.version>
         <jakarta.activation.version>2.1.3</jakarta.activation.version>
         <jakarta.xml.bind.version>2.3.3</jakarta.xml.bind.version>
         <jungrapht-visualization.version>1.4</jungrapht-visualization.version>
@@ -186,6 +183,8 @@
         <wiremock.version>2.35.2</wiremock.version>
         <assertj.version>3.26.3</assertj.version>
         <approvaltests.version>24.12.0</approvaltests.version>
+        <json-path.version>2.9.0</json-path.version>
+        <xmlunit.version>2.10.0</xmlunit.version>
         <jsonunit.version>4.1.0</jsonunit.version>
         <checkstyle.version>10.21.0</checkstyle.version>
         <sleeper.system.test.short.id/>
@@ -685,11 +684,6 @@
                 <artifactId>http2-server</artifactId>
                 <version>${jetty.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.codehaus.jettison</groupId>
-                <artifactId>jettison</artifactId>
-                <version>${jettison.version}</version>
-            </dependency>
             <dependency>
                 <groupId>com.jayway.jsonpath</groupId>
                 <artifactId>json-path</artifactId>