chore: Update workflows to v4, adjusts tests to be less brittle/more informative

Author: calhar-snyk

.github/workflows/release.yml

@@ -10,15 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup JDK 17
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: 'temurin'
           java-version: 17
 
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.m2/repository
@@ -28,7 +29,7 @@ jobs:
 
       - name: Configure build metadata
         id: metadata
-        run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//}
+        run: echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
 
       - name: Build plugin
         env:

.github/workflows/smoke_tests.yaml

@@ -13,15 +13,16 @@ jobs:
 
     steps:
       - name: Fetch sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup JDK 17
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: 'temurin'
           java-version: 17
 
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.m2/repository
@@ -31,7 +32,7 @@ jobs:
 
       - name: Configure build metadata
         id: metadata
-        run: echo ::set-output name=tag::1.0.0
+        run: echo "tag=1.0.0" >> $GITHUB_OUTPUT
 
       - name: Build plugin
         env:

.github/workflows/unit_tests.yml

@@ -8,18 +8,19 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: [17, 20]
+        java: [17, 21]
     steps:
       - name: Fetch sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup JDK ${{ matrix.java }}
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: 'temurin'
           java-version: ${{ matrix.java }}
 
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.m2/repository

.snyk

@@ -1,37 +1,60 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
+version: v1.25.1
 patch: {}
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
-  'SNYK-JAVA-COMGOOGLEPROTOBUF-8055227':
+  SNYK-JAVA-COMGOOGLEPROTOBUF-8055227:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2024-12-19T00:00:00.000Z
-  'SNYK-JAVA-DNSJAVA-7547403':
+  SNYK-JAVA-DNSJAVA-7547403:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2024-12-19T00:00:00.000Z
-  'SNYK-JAVA-DNSJAVA-7547404':
+  SNYK-JAVA-DNSJAVA-7547404:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2024-12-19T00:00:00.000Z
-  'SNYK-JAVA-DNSJAVA-7547405':
+  SNYK-JAVA-DNSJAVA-7547405:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2024-12-19T00:00:00.000Z
-  'SNYK-JAVA-COMMONSLANG-10734077':
+  SNYK-JAVA-COMMONSLANG-10734077:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2025-07-17T00:00:00.000Z
-  'SNYK-JAVA-ORGAPACHECOMMONS-10734078':
+  SNYK-JAVA-ORGAPACHECOMMONS-10734078:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2025-07-17T00:00:00.000Z
-  'SNYK-JAVA-ORGSPRINGFRAMEWORK-11958848':
+  SNYK-JAVA-ORGSPRINGFRAMEWORK-11958848:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2025-08-18T00:00:00.000Z
-  'SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931':
+  SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931:
     - '*':
-        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
         created: 2025-08-26T00:00:00.000Z
+  SNYK-JAVA-ORGSPRINGFRAMEWORK-12817817:
+    - '*':
+        reason: >-
+          Transitive dep of artifactory-papi. Actual papi is provided by
+          artifactory env at runtime so this is a false positive.
+        expires: 2025-11-02T15:34:14.942Z
+        created: 2025-10-03T15:34:14.947Z

core/src/test/java/io/snyk/plugins/artifactory/scanner/PythonScannerTest.java

@@ -15,6 +15,7 @@
 import java.util.Properties;
 
 import static io.snyk.plugins.artifactory.configuration.PluginConfiguration.API_ORGANIZATION;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -39,7 +40,9 @@ void shouldTestPipPackage() throws Exception {
     when(fileLayoutInfo.getBaseRevision()).thenReturn("1.25.7");
 
     TestResult result = scanner.scan(fileLayoutInfo, repoPath);
-    assertEquals(6, result.getVulnSummary().getTotalCount());
+    assertThat(result.getVulnSummary().getTotalCount())
+      .isGreaterThanOrEqualTo(7)
+      .withFailMessage("As of 2025-10-03 urllib3@1.25.7 should have at least 7 vulns");
     assertEquals("https://security.snyk.io/package/pip/urllib3/1.25.7", result.getDetailsUrl().toString());
   }
 

core/src/test/java/io/snyk/plugins/artifactory/scanner/cocoapods/CocoapodsScannerTest.java

@@ -42,7 +42,9 @@ void whenAValidPackage() {
     when(repoPath.getPath()).thenReturn("OpenSSL/OpenSSL/tags/1.0.2/OpenSSL-1.0.2.tar.gz");
 
     TestResult result = scanner.scan(fileLayoutInfo, repoPath);
-    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM)).isGreaterThanOrEqualTo(63);
+    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM))
+      .isGreaterThanOrEqualTo(63)
+      .withFailMessage("As of 2025-10-03 OpenSSL@1.0.2 should have at least 63 medium+ vulns");
     assertThat(result.getDetailsUrl().toString()).isEqualTo("https://security.snyk.io/package/cocoapods/OpenSSL/1.0.2");
   }
 }

core/src/test/java/io/snyk/plugins/artifactory/scanner/nuget/NugetScannerTest.java

@@ -42,7 +42,9 @@ void whenAValidNugetPackage() {
     when(repoPath.getName()).thenReturn("newtonsoft.json.13.0.0.nupkg");
 
     TestResult result = scanner.scan(fileLayoutInfo, repoPath);
-    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM)).isGreaterThanOrEqualTo(1);
+    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM))
+      .isGreaterThanOrEqualTo(1)
+      .withFailMessage("As of 2025-10-03 newtonsoft.json@13.0.0 should have at least 1 medium+ vuln");
     assertThat(result.getDetailsUrl().toString()).isEqualTo("https://security.snyk.io/package/nuget/newtonsoft.json/13.0.0");
   }
 

core/src/test/java/io/snyk/plugins/artifactory/scanner/rubygems/RubyGemsScannerTest.java

@@ -43,7 +43,9 @@ void whenAValidGemPackage() {
     when(repoPath.getName()).thenReturn("sinatra-2.0.0.gem");
 
     TestResult result = scanner.scan(fileLayoutInfo, repoPath);
-    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM)).isGreaterThanOrEqualTo(5);
+    assertThat(result.getVulnSummary().getCountAtOrAbove(Severity.MEDIUM))
+      .isGreaterThanOrEqualTo(5)
+      .withFailMessage("As of 2025-10-03 sinatra@2.0.0 should have at least 5 medium+ vulns");
     assertThat(result.getDetailsUrl().toString()).isEqualTo("https://security.snyk.io/package/rubygems/sinatra/2.0.0");
   }