From a5b977f4032b7896eb047f9280eb5beae202d679 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Dec 2025 10:21:20 +0000
Subject: [PATCH] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-14532782
---
 pom.xml | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/pom.xml b/pom.xml
index 15293a0ac..89437aea6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -321,39 +321,39 @@
                                 <!-- windows build -->
                                 <copy todir="${dist.base}/windows">
                                     <fileset dir="${project.basedir}">
-                                        <include name="config/**" />
-                                        <include name="LICENSE*" />
+                                        <include name="config/**"/>
+                                        <include name="LICENSE*"/>
                                     </fileset>
                                     <fileset dir="${project.basedir}/target">
-                                        <include name="semux.exe" />
+                                        <include name="semux.exe"/>
                                     </fileset>
                                 </copy>
-                                <copy file="${project.basedir}/misc/launch4j/semux.l4j.ini" tofile="${dist.base}/windows/semux.l4j.ini" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="**/*.ini" eol="dos" eof="asis" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="config/*" eol="dos" eof="asis" />
-                                <fixcrlf srcdir="${dist.base}/windows" includes="LICENSE*" eol="dos" eof="asis" />
+                                <copy file="${project.basedir}/misc/launch4j/semux.l4j.ini" tofile="${dist.base}/windows/semux.l4j.ini"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="**/*.ini" eol="dos" eof="asis"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="config/*" eol="dos" eof="asis"/>
+                                <fixcrlf srcdir="${dist.base}/windows" includes="LICENSE*" eol="dos" eof="asis"/>
 
                                 <!-- linux build (executable jar) -->
                                 <copy todir="${dist.base}/linux">
                                     <fileset dir="${project.basedir}">
-                                        <include name="config/**" />
-                                        <include name="LICENSE*" />
+                                        <include name="config/**"/>
+                                        <include name="LICENSE*"/>
                                     </fileset>
                                 </copy>
-                                <copy file="${project.basedir}/src/main/resources/org/semux/gui/splash.png" todir="${dist.base}/linux/resources" />
-                                <copy file="${project.basedir}/target/semux-${project.version}-shaded.jar" tofile="${dist.base}/linux/semux.jar" />
-                                <copy file="${project.basedir}/scripts/semux-cli.sh" tofile="${dist.base}/linux/semux-cli.sh" />
-                                <copy file="${project.basedir}/scripts/semux-gui.sh" tofile="${dist.base}/linux/semux-gui.sh" />
-                                <chmod file="${dist.base}/linux/semux.jar" perm="755" />
-                                <chmod file="${dist.base}/linux/semux*.sh" perm="755" />
+                                <copy file="${project.basedir}/src/main/resources/org/semux/gui/splash.png" todir="${dist.base}/linux/resources"/>
+                                <copy file="${project.basedir}/target/semux-${project.version}-shaded.jar" tofile="${dist.base}/linux/semux.jar"/>
+                                <copy file="${project.basedir}/scripts/semux-cli.sh" tofile="${dist.base}/linux/semux-cli.sh"/>
+                                <copy file="${project.basedir}/scripts/semux-gui.sh" tofile="${dist.base}/linux/semux-gui.sh"/>
+                                <chmod file="${dist.base}/linux/semux.jar" perm="755"/>
+                                <chmod file="${dist.base}/linux/semux*.sh" perm="755"/>
 
                                 <!-- macos build -->
                                 <!-- use fat jar because .app bundle is not production ready -->
                                 <copy todir="${dist.base}/macos">
-                                    <fileset dir="${dist.base}/linux"></fileset>
+                                    <fileset dir="${dist.base}/linux"/>
                                 </copy>
-                                <chmod file="${dist.base}/macos/semux.jar" perm="755" />
-                                <chmod file="${dist.base}/macos/semux*.sh" perm="755" />
+                                <chmod file="${dist.base}/macos/semux.jar" perm="755"/>
+                                <chmod file="${dist.base}/macos/semux*.sh" perm="755"/>
                             </target>
                         </configuration>
                         <goals>
@@ -395,7 +395,7 @@
                     <instrumentation>
                         <ignoreTrivial>true</ignoreTrivial>
                     </instrumentation>
-                    <check />
+                    <check/>
                 </configuration>
             </plugin>
 
@@ -474,7 +474,7 @@
                         <configuration>
                             <skip>false</skip>
                             <rules>
-                                <DependencyConvergence />
+                                <DependencyConvergence/>
                                 <digestRule implementation="uk.co.froot.maven.enforcer.DigestRule">
                                     <!-- Create a snapshot to build the list of URNs below -->
                                     <buildSnapshot>false</buildSnapshot>
@@ -602,7 +602,7 @@
                                         </goals>
                                     </pluginExecutionFilter>
                                     <action>
-                                        <ignore></ignore>
+                                        <ignore/>
                                     </action>
                                 </pluginExecution>
                             </pluginExecutions>
@@ -642,12 +642,12 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.10.0</version>
+            <version>2.25.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-slf4j-impl</artifactId>
-            <version>2.10.0</version>
+            <version>2.25.3</version>
             <exclusions>
                 <!-- NOTE: log4j requires a newer version of slfj which is still in beta -->
                 <exclusion>