Merge pull request #2 from phuongnq/security/cs-1110-update-dependencies-4x

Update dependencies and Java to 21

Author: sumerjabri

handlebars-caffeine/pom.xml

@@ -23,7 +23,7 @@
     <dependency>
       <groupId>com.github.ben-manes.caffeine</groupId>
       <artifactId>caffeine</artifactId>
-      <version>3.1.8</version>
+      <version>3.2.0</version>
     </dependency>
 
     <!-- Test dependencies -->

handlebars-guava-cache/pom.xml

@@ -24,7 +24,7 @@
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-      <version>33.2.1-jre</version>
+      <version>33.4.6-jre</version>
     </dependency>
 
     <!-- Test dependencies -->
@@ -60,7 +60,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
-        <version>3.3.0</version>
+        <version>3.5.3</version>
         <configuration>
           <!-- set default locale of the test JVM to en_US because some tests expect e.g. the dollar sign as currency symbol -->
           <argLine>-Duser.language=en -Duser.country=US</argLine>

handlebars-helpers/pom.xml

@@ -29,7 +29,7 @@
     <dependency>
       <groupId>joda-time</groupId>
       <artifactId>joda-time</artifactId>
-      <version>2.12.7</version>
+      <version>2.14.0</version>
       <optional>true</optional>
     </dependency>
 

handlebars-maven-plugin/pom.xml

@@ -35,38 +35,38 @@
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-plugin-api</artifactId>
-      <version>3.9.8</version>
+      <version>3.9.9</version>
     </dependency>
 
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-core</artifactId>
-      <version>3.9.8</version>
+      <version>3.9.9</version>
     </dependency>
 
     <dependency>
       <groupId>org.apache.maven.plugin-tools</groupId>
       <artifactId>maven-plugin-annotations</artifactId>
-      <version>3.13.1</version>
+      <version>3.15.1</version>
       <scope>provided</scope>
     </dependency>
 
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-utils</artifactId>
-      <version>4.0.1</version>
+      <version>4.0.2</version>
     </dependency>
 
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-xml</artifactId>
-      <version>4.0.4</version>
+      <version>4.1.0</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.javascript</groupId>
       <artifactId>closure-compiler</artifactId>
-      <version>v20240317</version>
+      <version>v20250402</version>
     </dependency>
 
     <!-- Test dependencies -->
@@ -96,7 +96,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-plugin-plugin</artifactId>
-        <version>3.13.1</version>
+        <version>3.15.1</version>
         <configuration>
           <!-- see http://jira.codehaus.org/browse/MNG-5346 -->
           <skipErrorNoDescriptorsFound>true</skipErrorNoDescriptorsFound>

handlebars/pom.xml

@@ -120,7 +120,7 @@
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
-        <version>5.1.9</version>
+        <version>6.0.0</version>
         <executions>
           <execution>
             <id>bundle-manifest</id>
@@ -202,7 +202,7 @@
     <dependency>
       <groupId>org.junit.platform</groupId>
       <artifactId>junit-platform-suite</artifactId>
-      <version>1.10.3</version>
+      <version>1.12.1</version>
       <scope>test</scope>
     </dependency>
 
@@ -227,7 +227,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.16.1</version>
+      <version>2.18.0</version>
       <scope>test</scope>
     </dependency>
 
@@ -239,7 +239,7 @@
   </dependencies>
 
   <properties>
-    <nashorn.version>15.4</nashorn.version>
+    <nashorn.version>15.6</nashorn.version>
   </properties>
 
   <profiles>

handlebars/src/test/java/com/github/jknack/handlebars/AbstractTest.java

@@ -34,6 +34,19 @@ public void shouldCompileTo(final String template, final String data, final Stri
     shouldCompileTo(template, data, expected, "");
   }
 
+  /**
+   * Normalizes spaces in the result and compares it with the expected value.
+   *
+   * @param template The template to compile.
+   * @param data The context to apply.
+   * @param expected The expected result.
+   * @throws IOException If an I/O error occurs.
+   */
+  public void shouldCompileToNormalized(final String template, final Object data, final String expected)
+      throws IOException {
+    shouldCompileToNormalized(template, data, new Hash(), new Hash(), expected, "");
+  }
+
   public void shouldCompileTo(final String template, final Object data, final String expected)
       throws IOException {
     shouldCompileTo(template, data, expected, "");
@@ -120,6 +133,41 @@ public void shouldCompileTo(
     assertEquals(expected, result, "'" + expected + "' should === '" + result + "': " + message);
   }
 
+  /*
+   * Normalizes spaces in the result and compares it with the expected value.
+   *
+   * @param template The template to compile.
+   * @param context The context to apply.
+   * @param helpers The helpers to use.
+   * @param partials The partials to use.
+   * @param expected The expected result.
+   * @param message The message to display on failure.
+   * @throws IOException If an I/O error occurs.
+   */
+  public void shouldCompileToNormalized(
+      final String template,
+      final Object context,
+      final Hash helpers,
+      final Hash partials,
+      final String expected,
+      final String message)
+      throws IOException {
+    Template t = compile(template, helpers, partials);
+    String result = t.apply(configureContext(context));
+    assertEquals(expected, normalizeSpaces(result), "'" + expected + "' should === '" + result + "': " + message);
+  }
+
+  /**
+   * Helper to normalize narrow no-break space (U+202F) and regular non-breaking space (U+00A0)
+   * characters to regular space (U+0020).
+   */
+  public String normalizeSpaces(String input) {
+    return input.replace('\u202F', ' ')
+                .replace('\u00A0', ' ')
+                .replaceAll("\\s+", " ")  // optional: also collapses multiple spaces
+                .trim();
+  }
+
   protected Object configureContext(final Object context) {
     return context;
   }

pom.xml

@@ -64,13 +64,13 @@
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-lang3</artifactId>
-        <version>3.14.0</version>
+        <version>3.17.0</version>
       </dependency>
 
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-text</artifactId>
-        <version>1.12.0</version>
+        <version>1.13.0</version>
       </dependency>
 
       <dependency>
@@ -89,7 +89,7 @@
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>
-        <version>2.0.13</version>
+        <version>2.0.17</version>
       </dependency>
 
       <!-- Servlet API -->
@@ -111,7 +111,7 @@
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-classic</artifactId>
-        <version>1.5.6</version>
+        <version>1.5.18</version>
       </dependency>
 
       <dependency>
@@ -135,13 +135,13 @@
       <dependency>
         <groupId>org.yaml</groupId>
         <artifactId>snakeyaml</artifactId>
-        <version>2.2</version>
+        <version>2.4</version>
       </dependency>
 
       <dependency>
         <groupId>org.hamcrest</groupId>
         <artifactId>hamcrest</artifactId>
-        <version>2.2</version>
+        <version>3.0</version>
       </dependency>
 
       <dependency>
@@ -156,7 +156,7 @@
     <plugins>
       <plugin>
         <artifactId>maven-compiler-plugin</artifactId>
-        <version>3.13.0</version>
+        <version>3.14.0</version>
       </plugin>
 
       <plugin>
@@ -168,7 +168,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
-        <version>3.7.0</version>
+        <version>3.11.2</version>
         <configuration>
           <excludePackageNames>com.github.jknack.handlebars.internal.*</excludePackageNames>
           <show>public</show>
@@ -189,7 +189,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
-        <version>3.3.0</version>
+        <version>3.5.3</version>
         <configuration>
           <!-- set default locale of the test JVM to en_US because some tests expect e.g. the dollar sign as currency symbol -->
           <argLine>-Duser.language=en -Duser.country=US</argLine>
@@ -214,7 +214,7 @@
       <plugin>
         <groupId>com.diffplug.spotless</groupId>
         <artifactId>spotless-maven-plugin</artifactId>
-        <version>2.43.0</version>
+        <version>2.44.4</version>
         <configuration>
           <upToDateChecking>
             <enabled>true</enabled>
@@ -260,7 +260,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-surefire-plugin</artifactId>
-            <version>3.3.0</version>
+            <version>3.5.3</version>
             <inherited>false</inherited>
             <configuration>
               <includes>
@@ -290,7 +290,7 @@
           <plugin>
             <groupId>org.codehaus.mojo</groupId>
             <artifactId>exec-maven-plugin</artifactId>
-            <version>3.3.0</version>
+            <version>3.5.0</version>
             <executions>
               <execution>
                 <phase>initialize</phase>
@@ -393,7 +393,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>3.2.4</version>
+            <version>3.2.7</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>
@@ -494,20 +494,20 @@
   <properties>
     <!-- Encoding UTF-8 -->
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <jackson2-version>2.17.1</jackson2-version>
-    <spring.version>6.1.10</spring.version>
-    <jacoco.version>0.8.12</jacoco.version>
-    <antlr-version>4.13.1</antlr-version>
-    <mockito.version>5.12.0</mockito.version>
+    <jackson2-version>2.18.3</jackson2-version>
+    <spring.version>6.2.5</spring.version>
+    <jacoco.version>0.8.13</jacoco.version>
+    <antlr-version>4.13.2</antlr-version>
+    <mockito.version>5.17.0</mockito.version>
     <maven.build.timestamp.format>yyyy-MM-dd HH:mm:ssa</maven.build.timestamp.format>
     <maven-antrun-plugin.version>3.1.0</maven-antrun-plugin.version>
     <timestamp>${maven.build.timestamp}</timestamp>
-    <maven.compiler.source>17</maven.compiler.source>
-    <maven.compiler.target>17</maven.compiler.target>
-    <maven.compiler.release>17</maven.compiler.release>
+    <maven.compiler.source>21</maven.compiler.source>
+    <maven.compiler.target>21</maven.compiler.target>
+    <maven.compiler.release>21</maven.compiler.release>
     <maven.javadoc.failOnError>false</maven.javadoc.failOnError>
     <pre-commit-hook>src${file.separator}etc${file.separator}formatter.sh</pre-commit-hook>
     <mustache-specs>handlebars${file.separator}src${file.separator}test${file.separator}resources${file.separator}mustache</mustache-specs>
-    <junit.version>5.10.3</junit.version>
+    <junit.version>5.12.1</junit.version>
   </properties>
 </project>

tests/pom.xml

@@ -33,7 +33,7 @@
     <dependency>
       <groupId>joda-time</groupId>
       <artifactId>joda-time</artifactId>
-      <version>2.12.7</version>
+      <version>2.14.0</version>
     </dependency>
 
     <!-- Test dependencies -->
@@ -75,7 +75,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
-        <version>3.3.0</version>
+        <version>3.5.3</version>
         <configuration>
           <!-- set default locale of the test JVM to en_US because some tests expect e.g. the dollar sign as currency symbol -->
           <argLine>-Duser.language=en -Duser.country=US</argLine>
@@ -95,7 +95,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-deploy-plugin</artifactId>
-        <version>3.1.2</version>
+        <version>3.1.4</version>
         <configuration>
           <skip>true</skip>
         </configuration>

tests/src/test/java/com/github/jknack/handlebars/helper/ext/JodaHelperTest.java

@@ -60,8 +60,11 @@ public void testStyle() throws IOException {
         version -> version <= 8,
         () -> shouldCompileTo("{{jodaStyleHelper this \"SS\"}}", dateTime, "7/4/95 2:32 PM"));
     withJava(
-        version -> version >= 9,
+        version -> version >= 9 && version <= 20,
         () -> shouldCompileTo("{{jodaStyleHelper this \"SS\"}}", dateTime, "7/4/95, 2:32 PM"));
+    withJava(
+        version -> version >= 21,
+        () -> shouldCompileToNormalized("{{jodaStyleHelper this \"SS\"}}", dateTime, "7/4/95, 2:32 PM"));
   }
 
   @Test