Scala 3.x agent for security analysis and vulnerability detection & correction.
- Agent (Agentic AI) built with Scala 3.x
- Only 5 Classes
- Security Features:
  - Bump versions of libraries and plugins on pom.xml
  - Scan for vulnerabilities using trivy
  - Apply code fixes
Smith depends on trivy, so install trivy first:
```bash
brew install aquasecurity/trivy/trivy
```
Now we can build the project:
```bash
sbt compile
```
You must provide an OpenAI API key:
```bash
export OPENAI_API_KEY=your_openai_api_key_here
sbt run
```
❯ ./smith
/***
* ___ ___ ___
* /\__\ /\ \ /\ \
* /:/ /_/ |::\ \ ___ ___ \:\ \
* /:/ /\ \ |:|:\ \ /\__\ /\__\ \:\ \
* /:/ /::\ \ __|:|\:\ \ /:/__/ /:/ / ___ /::\ \
* /:/_/:/\:\__\ /::::|_\:\__\ /::\ \ /:/__/ /\ /:/\:\__\
* \:\/:/ /:/ / \:\~~\ \/__/ \/\:\ \__ /::\ \ \:\/:/ \/__/
* \::/ /:/ / \:\ \ ~~\:\/\__\ /:/\:\ \ \::/__/
* \/_/:/ / \:\ \ \::/ / \/__/\:\ \ \:\ \
* /:/ / \:\__\ /:/ / \:\__\ \:\__\
* \/__/ \/__/ \/__/ \/__/ \/__/
*/
Commands:
* help - Prints this help message
* scan - Will scan for pom vulnerabilities using trivy and check latest versions of libs and plugins
* fix - Will produce a new pom.xml with the security fixes
Scan a project with vulnerabilities. The scan command does not require OPENAI_API_KEY to be set.
```bash
./smith scan
```
❯ ./smith scan
/***
* ___ ___ ___
* /\__\ /\ \ /\ \
* /:/ /_/ |::\ \ ___ ___ \:\ \
* /:/ /\ \ |:|:\ \ /\__\ /\__\ \:\ \
* /:/ /::\ \ __|:|\:\ \ /:/__/ /:/ / ___ /::\ \
* /:/_/:/\:\__\ /::::|_\:\__\ /::\ \ /:/__/ /\ /:/\:\__\
* \:\/:/ /:/ / \:\ \ \/__/ \/\:\ \__ /::\ \ \:\/:/ \/__/
* \::/ /:/ / \:\ \ \:\/\__\ /:/\:\ \ \::/__/
* \/_/:/ / \:\ \ \::/ / \/__/\:\ \ \:\ \
* /:/ / \:\__\ /:/ / \:\__\ \:\__\
* \/__/ \/__/ \/__/ \/__/ \/__/
*/
Performing scan...
Artifact versions that can be updated:
Fetching URL: https://search.maven.org/solrsearch/select?q=g:com.google.guava+AND+a:guava&rows=1&wt=json
Status code: 200
Result for com.google.guava:guava:31.0-jre: Some(33.4.8-jre)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.commons+AND+a:commons-lang3&rows=1&wt=json
Status code: 200
Result for org.apache.commons:commons-lang3:3.12.0: Some(3.17.0)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.springframework.boot+AND+a:spring-boot-starter-web&rows=1&wt=json
Status code: 200
Result for org.springframework.boot:spring-boot-starter-web:3.2.0: Some(3.5.0)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-compiler-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-compiler-plugin:3.9.0: Some(4.0.0-beta-2)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-surefire-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-surefire-plugin:3.2.1: Some(3.5.3)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-jar-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-jar-plugin:3.2.0: Some(4.0.0-beta-1)
com.google.guava:guava: 31.0-jre -> 33.4.8-jre
org.apache.maven.plugins:maven-surefire-plugin: 3.2.1 -> 3.5.3
org.apache.maven.plugins:maven-compiler-plugin: 3.9.0 -> 4.0.0-beta-2
org.apache.commons:commons-lang3: 3.12.0 -> 3.17.0
org.apache.maven.plugins:maven-jar-plugin: 3.2.0 -> 4.0.0-beta-1
org.springframework.boot:spring-boot-starter-web: 3.2.0 -> 3.5.0
Trivy vulnerability report:
Running command: trivy filesystem /mnt/e35d88d4-42b9-49ea-bf29-c4c3b018d429/diego/git/diegopacheco/Smith/./pom.xml
Command output length: 17469
Command output:
2025-05-25T22:50:09-07:00 INFO Vulnerability scanning is enabled
2025-05-25T22:50:09-07:00 INFO Secret scanning is enabled
2025-05-25T22:50:09-07:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-05-25T22:50:09-07:00 INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2025-05-25T22:50:09-07:00 INFO Number of language-specific files num=1
2025-05-25T22:50:09-07:00 INFO [pom] Detecting vulnerabilities...
pom.xml (pom)
=============
Total: 22 (UNKNOWN: 0, LOW: 3, MEDIUM: 7, HIGH: 11, CRITICAL: 1)
┌────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ ch.qos.logback:logback-classic │ CVE-2023-6378 │ HIGH │ fixed │ 1.4.11 │ 1.3.12, 1.4.12, 1.2.13 │ logback: serialization vulnerability in logback receiver │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-6378 │
├────────────────────────────────────────────────┤ │ │ │ │ │ │
│ ch.qos.logback:logback-core │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ ├────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-12798 │ MEDIUM │ │ │ 1.5.13, 1.3.15 │ logback-core: arbitrary code execution via │
│ │ │ │ │ │ │ JaninoEventEvaluator │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-12798 │
│ ├────────────────┼──────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-12801 │ LOW │ │ │ │ logback-core: SaxEventRecorder vulnerable to Server-Side │
│ │ │ │ │ │ │ Request Forgery (SSRF) attacks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-12801 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ com.google.guava:guava │ CVE-2023-2976 │ MEDIUM │ │ 31.0-jre │ 32.0.0-android │ guava: insecure temporary directory creation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-2976 │
│ ├────────────────┼──────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2020-8908 │ LOW │ │ │ │ guava: local information disclosure via temporary directory │
│ │ │ │ │ │ │ created with unsafe permissions │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-8908 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.apache.tomcat.embed:tomcat-embed-core │ CVE-2025-24813 │ CRITICAL │ │ 10.1.16 │ 11.0.3, 10.1.35, 9.0.99 │ tomcat: Potential RCE and/or information disclosure and/or │
│ │ │ │ │ │ │ information corruption with partial PUT... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-24813 │
│ ├────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-34750 │ HIGH │ │ │ 11.0.0-M21, 10.1.25, 9.0.90 │ tomcat: Improper Handling of Exceptional Conditions │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-34750 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-50379 │ │ │ │ 11.0.2, 10.1.34, 9.0.98 │ tomcat: RCE due to TOCTOU issue in JSP compilation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-50379 │
│ ├────────────────┤ │ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-56337 │ │ │ │ │ tomcat: Incomplete fix for CVE-2024-50379 - RCE due to │
│ │ │ │ │ │ │ TOCTOU issue in... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-56337 │
│ ├────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-24549 │ MEDIUM │ │ │ 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 │ Tomcat: HTTP/2 header handling DoS │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24549 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2025-31650 │ │ │ │ 9.0.104, 10.1.40, 11.0.6 │ tomcat: Apache Tomcat: DoS via malformed HTTP/2 │
│ │ │ │ │ │ │ PRIORITY_UPDATE frame │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-31650 │
│ ├────────────────┼──────────┤ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2025-31651 │ LOW │ │ │ │ tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-31651 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.apache.tomcat.embed:tomcat-embed-websocket │ CVE-2024-23672 │ MEDIUM │ │ │ 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 │ Tomcat: WebSocket DoS with incomplete closing handshake │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-23672 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.springframework.boot:spring-boot │ CVE-2025-22235 │ HIGH │ │ 3.2.0 │ 3.3.11, 3.4.5 │ org.springframework.boot/spring-boot: Spring Boot │
│ │ │ │ │ │ │ EndpointRequest.to() creates wrong matcher if actuator │
│ │ │ │ │ │ │ endpoint is not... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22235 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.springframework:spring-context │ CVE-2024-38820 │ MEDIUM │ │ 6.1.1 │ 6.1.14 │ The fix for CVE-2022-22968 made disallowedFieldspatterns in │
│ │ │ │ │ │ │ DataBinder ... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38820 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.springframework:spring-web │ CVE-2024-22243 │ HIGH │ │ │ 6.1.4, 6.0.17, 5.3.32 │ springframework: URL Parsing with Host Validation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-22243 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-22259 │ │ │ │ 6.1.5, 6.0.18, 5.3.33 │ springframework: URL Parsing with Host Validation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-22259 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-22262 │ │ │ │ 5.3.34, 6.0.19, 6.1.6 │ springframework: URL Parsing with Host Validation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-22262 │
│ ├────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-38809 │ MEDIUM │ │ │ 5.3.38, 6.0.23, 6.1.12 │ org.springframework:spring-web: Spring Framework DoS via │
│ │ │ │ │ │ │ conditional HTTP request │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38809 │
├────────────────────────────────────────────────┼────────────────┼──────────┤ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ org.springframework:spring-webmvc │ CVE-2024-38816 │ HIGH │ │ │ 6.1.13 │ spring-webmvc: Path Traversal Vulnerability in Spring │
│ │ │ │ │ │ │ Applications Using RouterFunctions and FileSystemResource │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38816 │
│ ├────────────────┤ │ │ ├─────────────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2024-38819 │ │ │ │ 6.1.14 │ org.springframework:spring-webmvc: Path traversal │
│ │ │ │ │ │ │ vulnerability in functional web frameworks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38819 │
└────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────┴─────────────────────────────────────────────────────────────┘
Found 77 data rows
Found 5 vulnerabilities
Vulnerability: CVE-2023-6378, Library: ch.qos.logback:logback-classic, Severity: HIGH
Vulnerability: CVE-2023-2976, Library: com.google.guava:guava, Severity: MEDIUM
Vulnerability: CVE-2025-24813, Library: org.apache.tomcat.embed:tomcat-embed-core, Severity: CRITICAL
Vulnerability: CVE-2025-22235, Library: org.springframework.boot:spring-boot, Severity: HIGH
Vulnerability: CVE-2024-38820, Library: org.springframework:spring-context, Severity: MEDIUM
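The summary above lists 5 findings while Trivy's table totals 22, and each Fixed Version cell holds several versions, one per release line. As an added example (not part of Smith; `pick_fix`, `upgrade_plan` and the sample report are constructed here), this Python code reads Trivy's JSON report (`trivy filesystem --format json`) and picks, per library, the lowest fixed version on the installed release line that covers every listed CVE.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of `trivy filesystem --format json` output,
# reduced to the fields used below; the values repeat rows of the table above.
PKG_TOMCAT = "org.apache.tomcat.embed:tomcat-embed-core"
SAMPLE_REPORT = json.dumps({"Results": [{"Target": "pom.xml", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2025-24813", "PkgName": PKG_TOMCAT,
     "InstalledVersion": "10.1.16", "FixedVersion": "11.0.3, 10.1.35, 9.0.99"},
    {"VulnerabilityID": "CVE-2024-34750", "PkgName": PKG_TOMCAT,
     "InstalledVersion": "10.1.16", "FixedVersion": "11.0.0-M21, 10.1.25, 9.0.90"},
    {"VulnerabilityID": "CVE-2025-31650", "PkgName": PKG_TOMCAT,
     "InstalledVersion": "10.1.16", "FixedVersion": "9.0.104, 10.1.40, 11.0.6"},
    {"VulnerabilityID": "CVE-2023-6378", "PkgName": "ch.qos.logback:logback-classic",
     "InstalledVersion": "1.4.11", "FixedVersion": "1.3.12, 1.4.12, 1.2.13"},
    {"VulnerabilityID": "CVE-2023-2976", "PkgName": "com.google.guava:guava",
     "InstalledVersion": "31.0-jre", "FixedVersion": "32.0.0-android"},
]}]})


def numeric(version):
    """Numeric prefix of a version, qualifier ignored: '11.0.0-M21' -> (11, 0, 0)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def pick_fix(installed, fixed_field):
    """Choose one entry from Trivy's comma-separated FixedVersion list."""
    candidates = [v.strip() for v in fixed_field.split(",") if v.strip()]
    newer = [v for v in candidates if numeric(v) > numeric(installed)]
    # Prefer a fix on the installed major.minor line; otherwise the lowest newer one.
    same_line = [v for v in newer if numeric(v)[:2] == numeric(installed)[:2]]
    pool = same_line or newer
    return min(pool, key=numeric) if pool else None


def upgrade_plan(report_json):
    """Group every finding by library and compute one target version for each."""
    findings = defaultdict(list)
    for result in json.loads(report_json).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            findings[(vuln["PkgName"], vuln["InstalledVersion"])].append(vuln)
    plan = {}
    for (pkg, installed), vulns in findings.items():
        fixes = [pick_fix(installed, v.get("FixedVersion", "")) for v in vulns]
        known = [f for f in fixes if f]
        # The target must clear all CVEs, so take the highest per-CVE fix.
        target = max(known, key=numeric) if known else None
        plan[pkg] = {
            "installed": installed,
            "cves": sorted(v["VulnerabilityID"] for v in vulns),
            "target": target,
            "same_release_line": bool(target) and numeric(target)[:2] == numeric(installed)[:2],
            "unfixed": [v["VulnerabilityID"] for v, f in zip(vulns, fixes) if f is None],
        }
    return plan


if __name__ == "__main__":
    for pkg, entry in upgrade_plan(SAMPLE_REPORT).items():
        print(pkg, entry)
```

A target with `same_release_line` set to false, as for guava here, means the only listed fix is on another release line and deserves a manual look before it goes into the pom.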
Fix a project with vulnerabilities. The fix command requires OPENAI_API_KEY to be set.
```bash
./smith fix
```
❯ ./smith fix
/***
* ___ ___ ___
* /\__\ /\ \ /\ \
* /:/ /_/ |::\ \ ___ ___ \:\ \
* /:/ /\ \ |:|:\ \ /\__\ /\__\ \:\ \
* /:/ /::\ \ __|:|\:\ \ /:/__/ /:/ / ___ /::\ \
* /:/_/:/\:\__\ /::::|_\:\__\ /::\ \ /:/__/ /\ /:/\:\__\
* \:\/:/ /:/ / \:\ \ \/__/ \/\:\ \__ /::\ \ \:\/:/ \/__/
* \::/ /:/ / \:\ \ \:\/\__\ /:/\:\ \ \::/__/
* \/_/:/ / \:\ \ \::/ / \/__/\:\ \ \:\ \
* /:/ / \:\__\ /:/ / \:\__\ \:\__\
* \/__/ \/__/ \/__/ \/__/ \/__/
*/
Performing fix...
Current pom.xml content:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>java23-project</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<properties>
<maven.compiler.source>23</maven.compiler.source>
<maven.compiler.target>23</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>31.0-jre</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.12.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.2.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.9.0</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.2.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.0</version>
</plugin>
</plugins>
</build>
</project>
Fetching URL: https://search.maven.org/solrsearch/select?q=g:com.google.guava+AND+a:guava&rows=1&wt=json
Status code: 200
Result for com.google.guava:guava:31.0-jre: Some(33.4.8-jre)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.commons+AND+a:commons-lang3&rows=1&wt=json
Status code: 200
Result for org.apache.commons:commons-lang3:3.12.0: Some(3.17.0)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.springframework.boot+AND+a:spring-boot-starter-web&rows=1&wt=json
Status code: 200
Result for org.springframework.boot:spring-boot-starter-web:3.2.0: Some(3.5.0)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-compiler-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-compiler-plugin:3.9.0: Some(4.0.0-beta-2)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-surefire-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-surefire-plugin:3.2.1: Some(3.5.3)
Fetching URL: https://search.maven.org/solrsearch/select?q=g:org.apache.maven.plugins+AND+a:maven-jar-plugin&rows=1&wt=json
Status code: 200
Result for org.apache.maven.plugins:maven-jar-plugin:3.2.0: Some(4.0.0-beta-1)
com.google.guava:guava: 31.0-jre -> 33.4.8-jre
org.apache.maven.plugins:maven-surefire-plugin: 3.2.1 -> 3.5.3
org.apache.maven.plugins:maven-compiler-plugin: 3.9.0 -> 4.0.0-beta-2
org.apache.commons:commons-lang3: 3.12.0 -> 3.17.0
org.apache.maven.plugins:maven-jar-plugin: 3.2.0 -> 4.0.0-beta-1
org.springframework.boot:spring-boot-starter-web: 3.2.0 -> 3.5.0
Prompt for OpenAI:
I have a Maven pom.xml file with some dependencies that need updating for security reasons.
Please update the following dependencies to their latest versions:
HashMap(com.google.guava:guava:31.0-jre -> Some(33.4.8-jre), org.apache.maven.plugins:maven-surefire-plugin:3.2.1 -> Some(3.5.3), org.apache.maven.plugins:maven-compiler-plugin:3.9.0 -> Some(4.0.0-beta-2), org.apache.commons:commons-lang3:3.12.0 -> Some(3.17.0), org.apache.maven.plugins:maven-jar-plugin:3.2.0 -> Some(4.0.0-beta-1), org.springframework.boot:spring-boot-starter-web:3.2.0 -> Some(3.5.0))
Here's the current pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>java23-project</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<properties>
<maven.compiler.source>23</maven.compiler.source>
<maven.compiler.target>23</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>31.0-jre</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.12.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.2.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.9.0</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.2.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.0</version>
</plugin>
</plugins>
</build>
</project>
Please provide the complete updated pom.xml file.
Do not include any additional text or explanations, no comments, just the updated pom.xml.
Updated pom.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>java23-project</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<properties>
<maven.compiler.source>23</maven.compiler.source>
<maven.compiler.target>23</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.8-jre</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.17.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>3.5.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>4.0.0-beta-2</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.5.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>4.0.0-beta-1</version>
</plugin>
</plugins>
</build>
</project>
```
Updated pom.xml saved as pom.xml.fixed
Good bye Mr Anderson... I mean, good bye diego.
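The fix step saves the model's reply as pom.xml.fixed, and the proposed versions include pre-releases such as 4.0.0-beta-2. As an added example (not Smith's own code; `review`, `strip_fence` and the trimmed POM are constructed for illustration), this Python check accepts a reply only if it differs from the original in `<version>` values the scan step proposed, and reports pre-release versions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PRERELEASE = re.compile(r"[-.](alpha|beta|rc|cr|m|snapshot)[-.]?\d*$", re.I)
FENCE = "`" * 3  # Markdown fence the model may wrap around its reply

# Constructed, trimmed copy of the pom.xml above, and the targets the scan proposed.
ORIGINAL = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>java23-project</artifactId>
  <version>1.0.0</version>
  <properties><maven.compiler.source>23</maven.compiler.source></properties>
  <dependencies><dependency>
    <groupId>com.google.guava</groupId><artifactId>guava</artifactId>
    <version>31.0-jre</version>
  </dependency></dependencies>
  <build><plugins><plugin>
    <groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId>
    <version>3.9.0</version>
  </plugin></plugins></build>
</project>"""
APPROVED = {"com.google.guava:guava": "33.4.8-jre",
            "org.apache.maven.plugins:maven-compiler-plugin": "4.0.0-beta-2"}

def strip_fence(reply):
    """Remove Markdown code-fence lines around the reply, if there are any."""
    lines = [l for l in reply.strip().splitlines() if not l.strip().startswith(FENCE)]
    return "\n".join(lines)

def review(original, reply, approved):
    """Return the list of violations; an empty list means only approved bumps."""
    try:
        old, new = ET.fromstring(original), ET.fromstring(strip_fence(reply))
    except ET.ParseError as err:
        return [f"not well-formed XML: {err}"]
    problems = []
    def walk(a, b, path, coord):
        name = a.tag.split("}")[-1]
        here = f"{path}/{name}"
        if a.tag != b.tag or a.attrib != b.attrib or len(a) != len(b):
            problems.append(f"structure changed at {here}")
            return
        gid, aid = a.findtext("m:groupId", None, NS), a.findtext("m:artifactId", None, NS)
        if gid and aid:  # entering a project, dependency or plugin element
            coord = f"{gid.strip()}:{aid.strip()}"
        before, after = (a.text or "").strip(), (b.text or "").strip()
        if before != after:
            if name != "version" or approved.get(coord) != after:
                problems.append(f"unapproved change at {here}: {before!r} -> {after!r}")
            elif PRERELEASE.search(after):
                problems.append(f"pre-release version {after} for {coord}")
        for child_a, child_b in zip(a, b):
            walk(child_a, child_b, here, coord)
    walk(old, new, "", None)
    return problems

# Constructed replies: one with only the approved bumps, one with an extra edit.
GOOD_REPLY = f"{FENCE}xml\n" + ORIGINAL.replace("31.0-jre", "33.4.8-jre").replace("3.9.0", "4.0.0-beta-2") + f"\n{FENCE}"
DRIFTED_REPLY = GOOD_REPLY.replace(">23<", ">21<")

if __name__ == "__main__":
    for reply in (GOOD_REPLY, DRIFTED_REPLY):
        print(review(ORIGINAL, reply, APPROVED))
```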
- Download projects from GitHub and run analysis
- Run Tests before and after fixes
- Create a PR in the project with the fixes
- Make it more granular: fetch all data at once, but try one update at a time
- Make it fall back to the second-latest version if an update does not work, and keep going