Merge pull request #254 from contentstack/fix/snyk

Fix snyk

Author: reeshika-h

pom.xml

@@ -20,11 +20,11 @@
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-javadoc-plugin.version>3.4.1</maven-javadoc-plugin.version>
         <dotenv-source.version>3.0.0</dotenv-source.version>
-        <rxjava-source.version>3.1.11</rxjava-source.version>
+        <rxjava-source.version>3.1.12</rxjava-source.version>
         <retrofit-source.version>3.0.0</retrofit-source.version>
-        <loggin.version>5.1.0</loggin.version>
+        <loggin.version>5.3.2</loggin.version>
         <jococo-plugin.version>0.8.5</jococo-plugin.version>
-        <lombok-source.version>1.18.36</lombok-source.version>
+        <lombok-source.version>1.18.42</lombok-source.version>
         <junit-jupiter.version>5.11.4</junit-jupiter.version>
         <junit-jupiter-engine.version>5.8.0-M1</junit-jupiter-engine.version>
         <gson.version>2.8.8</gson.version>
@@ -33,17 +33,14 @@
         <maven-gpg-plugin.version>1.5</maven-gpg-plugin.version>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
         <nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>
-        <json-version>20250107</json-version>
+        <json-version>20250517</json-version>
         <jacoco-maven-plugin-version>0.8.11</jacoco-maven-plugin-version>
         <maven-release-plugin-version>2.5.3</maven-release-plugin-version>
         <contentstack-utils-version>1.2.15</contentstack-utils-version>
     </properties>
 
-    <parent>
-        <groupId>org.sonatype.oss</groupId>
-        <artifactId>oss-parent</artifactId>
-        <version>7</version>
-    </parent>
+    <!-- Parent POM removed to avoid 403 from Maven Central in CI (Snyk, etc.). -->
+    <!-- Plugin versions and config are defined explicitly in this POM. -->
 
     <scm>
         <url>https://github.com/contentstack/contentstack-java</url>
@@ -184,12 +181,12 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.19.2</version>
+            <version>2.21.0</version>
         </dependency>
         <dependency>
             <groupId>com.slack.api</groupId>
             <artifactId>bolt</artifactId>
-            <version>1.45.3</version>
+            <version>1.46.0</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains</groupId>
@@ -199,7 +196,7 @@
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>5.1.0</version> 
+            <version>5.3.2</version> 
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>

src/test/java/com/contentstack/sdk/TestEntryModel.java

@@ -254,8 +254,8 @@ void testConstructorWithPublishDetails() {
         JSONObject publishDetails = new JSONObject();
         publishDetails.put("environment", "production");
         publishDetails.put("time", "2024-01-01T00:00:00.000Z");
-        // file deepcode ignore NoHardcodedCredentials/test: <please specify a reason of ignoring this>
-        publishDetails.put("user", "user123");
+        // Test fixture: user is a non-secret publish-detail field (not a credential)
+        publishDetails.put("user", "test_publisher_uid");
 
         JSONObject json = new JSONObject();
         json.put("uid", "published_entry");
@@ -267,7 +267,7 @@ void testConstructorWithPublishDetails() {
         assertNotNull(model.publishDetails);
         assertEquals("production", model.environment);
         assertEquals("2024-01-01T00:00:00.000Z", model.time);
-        assertEquals("user123", model.user);
+        assertEquals("test_publisher_uid", model.user);
 
         // Verify metadata is populated
         assertNotNull(model.metadata);