From 95e0448bb5a9e22fbfe5679939b79c438cb2e72b Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Thu, 5 Dec 2024 17:57:29 +0100
Subject: [PATCH 1/6] Update Log4J to latest 2.x

(cherry picked from commit 563b3849a46b152b0299c9f4a73699ae8f9030c2)
---
 pom.xml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 676cbdf2..3e4fabce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,6 +12,7 @@
         <jsf.version>2.2.15</jsf.version>
         <primefaces.version>7.0</primefaces.version>
         <jetty.version>9.4.29.v20200521</jetty.version>
+        <log4j.version>2.24.2</log4j.version>
     </properties>
     <dependencies>
         <dependency>
@@ -144,17 +145,17 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
-            <version>2.17.1</version>
+            <version>${log4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.17.1</version>
+            <version>${log4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-slf4j-impl</artifactId>
-            <version>2.16.0</version>
+            <version>${log4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.solr</groupId>

From eed79d74854130c268abec8e775c74ad2f078bae Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Thu, 5 Dec 2024 18:42:25 +0100
Subject: [PATCH 2/6] Update various dependencies, add exclusions

Commons logging was found in multiple (transitive) dependencies.

(cherry picked from commit 49c31b95034bf8f127320f0af8bc133eb5b0b407)
---
 pom.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 48 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3e4fabce..29ea8449 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,12 +69,17 @@
         <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>
-            <version>1.15</version>
+            <version>1.17.1</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.5</version>
         </dependency>
         <dependency>
             <groupId>com.github.jsonld-java</groupId>
             <artifactId>jsonld-java</artifactId>
-            <version>0.13.4</version>
+            <version>0.13.6</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.httpcomponents</groupId>
@@ -94,7 +99,7 @@
         <dependency>
             <groupId>jaxen</groupId>
             <artifactId>jaxen</artifactId>
-            <version>1.2.0</version>
+            <version>2.0.0</version>
         </dependency>
         <dependency>
             <groupId>org.jdom</groupId>
@@ -104,12 +109,12 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
-            <version>2.13.0</version>
+            <version>2.18.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.13.2.1</version>
+            <version>2.18.2</version>
         </dependency>
         <dependency>
             <groupId>org.openrdf.sesame</groupId>
@@ -124,7 +129,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.13</version>
+            <version>4.5.14</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-logging</groupId>
@@ -167,11 +172,30 @@
             <groupId>org.elasticsearch.client</groupId>
             <artifactId>elasticsearch-rest-high-level-client</artifactId>
             <version>7.13.4</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-core</artifactId>
-            <version>1.12.129</version>
+            <version>1.12.779</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- testing -->
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>5.14.2</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -179,6 +203,23 @@
             <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
+        <!-- Authentication -->
+        <dependency>
+            <groupId>com.github.scribejava</groupId>
+            <artifactId>scribejava-apis</artifactId>
+            <version>8.3.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>6.4.1</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-jcl</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
     </dependencies>
     <build>
         <finalName>simpleAnnotationStore</finalName>

From 39f4386f75ca0c24c61eabf5adb4a79ed425fb70 Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Mon, 9 Dec 2024 14:12:31 +0100
Subject: [PATCH 3/6] Revert Spring Security dependency to latest 5.x.y

(cherry picked from commit 8c4eaca1e7a7b182d64069709c6990ecece8d168)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 29ea8449..ad8472b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -212,7 +212,7 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
-            <version>6.4.1</version>
+            <version>5.8.16</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.springframework</groupId>

From cb1f0297f769034b89d0ee39c3118169d82a9142 Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Thu, 5 Dec 2024 17:51:21 +0100
Subject: [PATCH 4/6] Update Jetty to latest v9, reuse version property

(cherry picked from commit fbfb73dc53492c37b176b55a84efca7cc5128d2f)
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index ad8472b3..04e0175b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
 
         <jsf.version>2.2.15</jsf.version>
         <primefaces.version>7.0</primefaces.version>
-        <jetty.version>9.4.29.v20200521</jetty.version>
+        <jetty.version>9.4.56.v20240826</jetty.version>
         <log4j.version>2.24.2</log4j.version>
     </properties>
     <dependencies>
@@ -243,7 +243,7 @@
             <plugin>
                 <groupId>org.eclipse.jetty</groupId>
                 <artifactId>jetty-maven-plugin</artifactId>
-                <version>9.4.30.v20200611</version>
+                <version>${jetty.version}</version>
                 <configuration>
                     <httpConnector>
                         <port>8888</port>
@@ -261,7 +261,7 @@
                     <dependency>
                         <groupId>org.eclipse.jetty</groupId>
                         <artifactId>apache-jstl</artifactId>
-                        <version>9.4.29.v20200521</version>
+                        <version>${jetty.version}</version>
                         <exclusions>
                             <exclusion>
                                 <groupId>org.apache.taglibs</groupId>

From 6ad07a49e03071c087725295896cf1363ecc59f4 Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Tue, 14 Jan 2025 12:31:31 +0100
Subject: [PATCH 5/6] Remove dependencies not in use

---
 pom.xml | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/pom.xml b/pom.xml
index 04e0175b..89fa6b6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -191,35 +191,12 @@
             </exclusions>
         </dependency>
         <!-- testing -->
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-core</artifactId>
-            <version>5.14.2</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
-        <!-- Authentication -->
-        <dependency>
-            <groupId>com.github.scribejava</groupId>
-            <artifactId>scribejava-apis</artifactId>
-            <version>8.3.3</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
-            <version>5.8.16</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springframework</groupId>
-                    <artifactId>spring-jcl</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
     </dependencies>
     <build>
         <finalName>simpleAnnotationStore</finalName>

From 4ef663a1d5acd92eeb573a09fac01f386a182bef Mon Sep 17 00:00:00 2001
From: Ben Companjen <ben@companjen.name>
Date: Tue, 14 Jan 2025 12:32:58 +0100
Subject: [PATCH 6/6] Remove commons-upload Maven dependency

---
 pom.xml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 89fa6b6f..3d14ec85 100644
--- a/pom.xml
+++ b/pom.xml
@@ -71,11 +71,6 @@
             <artifactId>commons-codec</artifactId>
             <version>1.17.1</version>
         </dependency>
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.5</version>
-        </dependency>
         <dependency>
             <groupId>com.github.jsonld-java</groupId>
             <artifactId>jsonld-java</artifactId>