cleaned up pom #46

Closed
garciaerin wants to merge 3 commits into develop/bullfrog from clean-up-pom

Conversation

@garciaerin garciaerin commented Dec 9, 2024

  • Upgraded some dependencies
  • Cleaned up some dependencies
  • Fixed compilation errors caused by dependency upgrade

Summary by Sourcery

Upgrade and clean up dependencies in the pom.xml file, addressing compilation errors caused by the upgrades. Refactor Quartz job scheduling code to use the builder pattern for better readability and maintainability.

Enhancements:

  • Refactor Quartz job scheduling to use the builder pattern for creating JobDetail and Trigger instances, improving code readability and maintainability.

Chores:

  • Remove unnecessary whitespace and comments from the pom.xml file to improve readability and maintainability.

sourcery-ai bot commented Dec 9, 2024

Reviewer's Guide by Sourcery

This PR focuses on cleaning up and upgrading dependencies in the project's pom.xml file, along with making necessary code adjustments to support the upgraded dependencies. The changes include reorganizing dependencies into logical groups, upgrading several library versions for security and compatibility, and updating Quartz scheduler implementation code to work with the newer API.

Class diagram for updated Quartz scheduler implementation

classDiagram
    class HsfoQuartzServlet {
        +schedule() void
    }
    class JobKey {
        +jobKey(String name, String group) : JobKey
    }
    class TriggerKey {
        +triggerKey(String name, String group) : TriggerKey
    }
    class JobBuilder {
        +newJob(Class jobClass) : JobBuilder
        +withIdentity(JobKey jobKey) : JobBuilder
        +build() : JobDetail
    }
    class TriggerBuilder {
        +newTrigger() : TriggerBuilder
        +withIdentity(TriggerKey triggerKey) : TriggerBuilder
        +withSchedule(CronScheduleBuilder scheduleBuilder) : TriggerBuilder
        +startAt(Date startTime) : TriggerBuilder
        +build() : Trigger
    }
    class CronScheduleBuilder {
        +cronSchedule(String cronExpression) : CronScheduleBuilder
    }
    class SimpleScheduleBuilder {
        +simpleSchedule() : SimpleScheduleBuilder
    }
    HsfoQuartzServlet --> JobKey
    HsfoQuartzServlet --> TriggerKey
    HsfoQuartzServlet --> JobBuilder
    HsfoQuartzServlet --> TriggerBuilder
    TriggerBuilder --> CronScheduleBuilder
    TriggerBuilder --> SimpleScheduleBuilder

File-Level Changes

Change: Upgraded and reorganized Maven dependencies
Details:
  • Upgraded commons-io from 2.13.0 to 2.18.0
  • Upgraded mysql-connector-java from 8.0.25 to 8.0.33
  • Upgraded xercesImpl from 2.9.1 to 2.12.2
  • Upgraded jsch from 0.1.49 to 0.1.54
  • Upgraded velocity from 1.7 to 2.3 (changed artifact to velocity-engine-core)
  • Upgraded xmlbeans from 2.5.0 to 3.1.0
  • Upgraded quartz from 1.8.5 to 2.5.0
  • Upgraded commons-compress from 1.14 to 1.26.0
  • Upgraded itextpdf and xmlworker from 5.5.13.1 to 5.5.13.4
  • Reorganized dependencies into logical groups with descriptive comments
Files:
  pom.xml

Change: Updated Quartz scheduler implementation for compatibility with newer version
Details:
  • Replaced deprecated CronTrigger instantiation with new builder pattern
  • Updated job and trigger key handling to use new API
  • Implemented new scheduling mechanism using TriggerBuilder and JobBuilder
  • Updated job deletion logic to use new API methods
Files:
  src/main/java/oscar/form/study/hsfo2/pageUtil/HsfoQuartzServlet.java
  src/main/java/oscar/form/study/HSFO/pageUtil/HsfoQuartzServlet.java

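The Quartz 1.8 to 2.x migration that the reviewer's guide summarizes (JobKey/TriggerKey, JobBuilder, TriggerBuilder, CronScheduleBuilder, key-based deletion) is easier to judge as a complete unit than as a bullet list. The class below is an added example written for this page; it is not code from the PR or from the OSCAR code base, and the package-less class, the job class `HsfoJob`, the job and trigger names, and the cron expression are assumptions chosen for illustration. Beyond what the PR description lists, it validates the cron expression before building the trigger, makes re-registration idempotent with `checkExists` plus `deleteJob` so a second `schedule()` call cannot leave two triggers firing the same job, and picks an explicit misfire policy.

```java
// Added example (not from the PR or the OSCAR code base): Quartz 1.8 -> 2.x
// scheduling written with the 2.x builder API. Class, job and key names are
// assumptions for illustration.
import java.util.Date;

import org.quartz.CronExpression;
import org.quartz.CronScheduleBuilder;
import org.quartz.Job;
import org.quartz.JobBuilder;
import org.quartz.JobDetail;
import org.quartz.JobExecutionContext;
import org.quartz.JobExecutionException;
import org.quartz.JobKey;
import org.quartz.Scheduler;
import org.quartz.SchedulerException;
import org.quartz.Trigger;
import org.quartz.TriggerBuilder;
import org.quartz.TriggerKey;
import org.quartz.impl.StdSchedulerFactory;

public class HsfoScheduleExample {

    /** Stand-in for the servlet's job class (assumed name). Quartz needs a public no-arg constructor. */
    public static class HsfoJob implements Job {
        @Override
        public void execute(JobExecutionContext ctx) throws JobExecutionException {
            // Real work goes here; throwing JobExecutionException lets Quartz record the failure.
            System.out.println("HsfoJob ran at " + new Date());
        }
    }

    // 2.x addresses jobs and triggers by key objects instead of (name, group) string pairs.
    private static final JobKey JOB_KEY = JobKey.jobKey("hsfoJob", "hsfo");
    private static final TriggerKey TRIGGER_KEY = TriggerKey.triggerKey("hsfoTrigger", "hsfo");

    /*
     * Quartz 1.8 form, for comparison (these constructors and overloads no longer exist in 2.x):
     *   JobDetail job = new JobDetail("hsfoJob", "hsfo", HsfoJob.class);
     *   CronTrigger trigger = new CronTrigger("hsfoTrigger", "hsfo", cron);
     *   scheduler.deleteJob("hsfoJob", "hsfo");
     */
    public static void schedule(Scheduler scheduler, String cron) throws SchedulerException {
        // Fail fast on a bad expression; CronScheduleBuilder.cronSchedule would otherwise
        // surface it as an unchecked exception from inside the builder chain.
        if (!CronExpression.isValidExpression(cron)) {
            throw new IllegalArgumentException("invalid cron expression: " + cron);
        }

        // Idempotent registration: a servlet's init path can run more than once per scheduler
        // (redeploy, persistent job store). Deleting by key also removes the job's triggers,
        // so we never end up with two triggers firing the same work.
        if (scheduler.checkExists(JOB_KEY)) {
            scheduler.deleteJob(JOB_KEY);
        }

        JobDetail job = JobBuilder.newJob(HsfoJob.class)
                .withIdentity(JOB_KEY)
                .build();

        Trigger trigger = TriggerBuilder.newTrigger()
                .withIdentity(TRIGGER_KEY)
                .withSchedule(CronScheduleBuilder.cronSchedule(cron)
                        // Skip runs missed while the scheduler was down instead of firing them in a burst.
                        .withMisfireHandlingInstructionDoNothing())
                .startNow()
                .build();

        scheduler.scheduleJob(job, trigger);
        if (!scheduler.isStarted()) {
            scheduler.start();
        }
    }

    public static void main(String[] args) throws SchedulerException, InterruptedException {
        Scheduler scheduler = StdSchedulerFactory.getDefaultScheduler();
        schedule(scheduler, "0/10 * * * * ?"); // every 10 seconds, for the demo
        schedule(scheduler, "0/10 * * * * ?"); // second call replaces the job rather than duplicating it
        Thread.sleep(25_000);
        scheduler.shutdown(true);
    }
}
```

Run it with quartz 2.x on the classpath and a minimal `quartz.properties` (the in-memory RAMJobStore default is enough); the job prints three times over the 25-second window, not six, which is the observable effect of the `checkExists`/`deleteJob` guard.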


@sourcery-ai sourcery-ai bot left a comment


Hey @garciaerin - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

  • commons-codec 1.7 has known security vulnerabilities - please upgrade to latest version (currently 1.16.0) (link)

Overall Comments:

  • Consider systematically reviewing and upgrading remaining older dependencies (e.g. commons-codec 1.7, commons-digester 1.8) to ensure all components are running secure, supported versions
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🔴 Security: 1 blocking issue
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good



<dependencyManagement>
<dependencies>
<dependency>
🚨 issue (security): commons-codec 1.7 has known security vulnerabilities - please upgrade to latest version (currently 1.16.0)

Author

Tried upgrading it to the latest version, 1.17.1, instead, but got errors in the JSP compilation, so kept the current version.

  • smoke testing - good
  • unit testing - expected results on my side (8 failures)
  • JSP compilation - 52 errors


It sounds like you're encountering compatibility issues with the latest version of commons-codec. Here are a few suggestions to help address this:

  1. Check for Compatibility: Review the release notes or changelog for commons-codec to see if there are any breaking changes or specific migration steps that need to be followed when upgrading from 1.7 to 1.17.1.

  2. Dependency Conflicts: Ensure that there are no other dependencies in your project that might be conflicting with the newer version of commons-codec. Sometimes, other libraries might have transitive dependencies on older versions.

  3. JSP Compilation Errors: Investigate the specific JSP compilation errors you're encountering. They might provide clues about what changes are needed in your code to accommodate the new version of commons-codec.

  4. Incremental Upgrade: If possible, try upgrading to an intermediate version of commons-codec first, rather than jumping directly to 1.17.1. This might help identify which version introduces the breaking changes.

  5. Reach Out to the Community: If the issue persists, consider reaching out to the community or checking forums for similar issues. Others might have faced and resolved similar problems.

If none of these steps resolve the issue, you might need to weigh the security risks of staying on the older version against the effort required to refactor your code to be compatible with the latest version. Let me know if you need further assistance!

@socket-security

socket-security bot commented Dec 9, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size |
|---|---|---|---|
| maven/com.itextpdf.tool/xmlworker@5.5.13.4 | eval, filesystem, network | 0 | 503 kB |
| maven/com.itextpdf/itextpdf@5.5.13.4 | environment, eval, filesystem, network, shell, unsafe | +3 | 20.8 MB |
| maven/com.jcraft/jsch@0.1.54 | eval, filesystem, network, unsafe | +1 | 592 kB |
| maven/commons-digester/commons-digester@1.8 | eval, filesystem, network; Transitive: unsafe | +2 | 825 kB |
| maven/commons-io/commons-io@2.18.0 | eval, filesystem, network, unsafe | 0 | 1.14 MB |
| maven/mysql/mysql-connector-java@8.0.33 | None | 0 | 0 B |
| maven/org.apache.commons/commons-compress@1.26.0 | eval, filesystem, network, unsafe | +5 | 19.9 MB |
| maven/org.apache.commons/commons-lang3@3.17.0 | None | 0 | 0 B |
| maven/org.apache.velocity.tools/velocity-tools-generic@3.1 | eval, filesystem, network, unsafe | +2 | 909 kB |
| maven/org.apache.velocity/velocity-engine-core@2.4.1 | None | 0 | 0 B |
| maven/org.quartz-scheduler/quartz@2.5.0 | eval, filesystem, network, unsafe; Transitive: environment, shell | +158 | 320 MB |
| maven/xerces/xercesimpl@2.12.2 | Transitive: eval, filesystem, network | +2 | 332 kB |

🚮 Removed packages: maven/batik/batik-awt-util@1.6-1, maven/batik/batik-dom@1.6-1, maven/batik/batik-svggen@1.6-1, maven/batik/batik-util@1.6-1, maven/batik/batik-xml@1.6-1, maven/cglib/cglib-nodep@3.2.5, maven/com.fasterxml.jackson.core/jackson-annotations@2.12.7, maven/com.fasterxml.jackson.core/jackson-core@2.12.7, maven/com.itextpdf.tool/xmlworker@5.5.13.1, maven/com.itextpdf/itextpdf@5.5.13.1, maven/com.jcraft/jsch@0.1.49, maven/com.sun.xml.bind/jaxb-impl@2.3.3, maven/commons-io/commons-io@2.13.0, maven/javax.servlet/jstl@1.2, maven/mysql/mysql-connector-java@8.0.25, maven/org.apache.axis2/axis2-transport-local@1.5.4, maven/org.apache.commons/commons-compress@1.14, maven/org.apache.commons/commons-lang3@3.9, maven/org.apache.jcs/jcs@1.3, maven/org.apache.pdfbox/jbig2-imageio@3.0.4, maven/org.apache.velocity/velocity@1.7, maven/org.apache.ws.commons.axiom/axiom-api@1.2.11, maven/org.apache.ws.commons.axiom/axiom-impl@1.2.11, maven/org.apache.xmlgraphics/batik-dom@1.7, maven/org.codehaus.woodstox/woodstox-core-asl@4.4.1, maven/org.quartz-scheduler/quartz@1.8.5, maven/org.slf4j/slf4j-jdk14@1.7.32, maven/xerces/xercesimpl@2.9.1

View full report↗︎

@socket-security

socket-security bot commented Dec 9, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source | CI |
|---|---|---|---|---|
| Critical CVE | maven/com.itextpdf/itextpdf@5.5.13.4 | | | ⚠︎ |
| Critical CVE | maven/com.hazelcast/hazelcast@4.0.1 | | | ⚠︎ |
| Critical CVE | maven/com.hazelcast/hazelcast@4.0.1 | | | ⚠︎ |

View full report↗︎

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore maven/com.itextpdf/itextpdf@5.5.13.4
  • @SocketSecurity ignore maven/com.hazelcast/hazelcast@4.0.1

@@ -72,19 +69,23 @@ public static void schedule() throws Exception {

scheduler.start();
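Review bot: `schedule()` is declared `throws Exception`, which hides which failures a caller must handle; with Quartz 2.x the builder and scheduler calls in this method throw `SchedulerException`, so narrow the signature to `throws SchedulerException` (the header shows 19 lines replaced by 23 inside `schedule()`, ending at `scheduler.start();`, so this is the method being reworked anyway). Since `scheduler.start()` is the last visible line, also confirm that the job is registered before this call on every path, and that a repeated `schedule()` call does not register the same job twice; the commit message should describe this Quartz 1.8 to 2.5 API migration specifically rather than as a general dependency upgrade.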


Lots done here; I assume with respect to Quartz compatibility in the new version. Need to explain that in a commit, ideally its own, but it should be stated more specifically what's going on in this commit rather than a general dependency statement.


Added commit description about Quartz imports.

@sebastian-j-ibanez (Collaborator)

The merge conflicts should be resolved now.

… the pom.xml

- Upgraded some dependencies
- Cleaned up some dependencies
- Fixed compilation errors caused by dependency upgrade
Added Quartz imports to enable job scheduling functionality, including defining jobs (JobBuilder, JobDetail, JobKey), setting triggers (TriggerBuilder, TriggerKey, CronScheduleBuilder, SimpleScheduleBuilder), and managing the scheduler (Scheduler) for efficient task execution and timing.
@sebastian-j-ibanez (Collaborator)

Just need to fix the merge conflicts.

@sebastian-j-ibanez sebastian-j-ibanez deleted the clean-up-pom branch January 10, 2025 16:32
yingbull pushed a commit that referenced this pull request May 9, 2025
…moval

(READY FOR REVIEW) Not reviewing comments when removing provider
yingbull pushed a commit that referenced this pull request Nov 26, 2025
4 participants