[MNG-7513] Address commons-io_commons-io vulnerability found in maven…

… latest version

We can safely remove Commons IO altogether because it is not used in any direct or
transitive usecase at compile time or runtime.

This closes #771

maven-core/pom.xml

@@ -147,6 +147,11 @@ under the License.
       <artifactId>commons-jxpath</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>

maven-core/src/test/java/org/apache/maven/project/ProjectBuilderTest.java

@@ -34,15 +34,14 @@
 import java.util.Properties;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import org.apache.commons.io.FileUtils;
 import org.apache.maven.AbstractCoreMavenComponentTestCase;
 import org.apache.maven.artifact.InvalidArtifactRTException;
 import org.apache.maven.execution.MavenSession;
 import org.apache.maven.model.Plugin;
 import org.apache.maven.model.building.FileModelSource;
 import org.apache.maven.model.building.ModelBuildingRequest;
 import org.apache.maven.model.building.ModelSource;
-import org.apache.maven.shared.utils.io.FileUtils;
-
 
 public class ProjectBuilderTest
     extends AbstractCoreMavenComponentTestCase
@@ -159,7 +158,7 @@ public void testReadModifiedPoms() throws Exception {
         // of DefaultModelBuilder.getCache() are affected by MNG-6530
 
         Path tempDir = Files.createTempDirectory( null );
-        FileUtils.copyDirectoryStructure ( new File( "src/test/resources/projects/grandchild-check" ), tempDir.toFile() );
+        FileUtils.copyDirectory( new File( "src/test/resources/projects/grandchild-check" ), tempDir.toFile() );
         try
         {
             MavenSession mavenSession = createMavenSession( null );
@@ -171,10 +170,10 @@ public void testReadModifiedPoms() throws Exception {
             projectBuilder.build( child, configuration );
             // modify parent
             File parent = new File( tempDir.toFile(), "pom.xml" );
-            String parentContent = FileUtils.fileRead( parent );
+            String parentContent = FileUtils.readFileToString( parent, "UTF-8" );
             parentContent = parentContent.replaceAll( "<packaging>pom</packaging>",
                     "<packaging>pom</packaging><properties><addedProperty>addedValue</addedProperty></properties>" );
-            FileUtils.fileWrite( parent, "UTF-8", parentContent );
+            FileUtils.write( parent, parentContent, "UTF-8" );
             // re-build pom with modified parent
             ProjectBuildingResult result = projectBuilder.build( child, configuration );
             assertThat( result.getProject().getProperties(), hasKey( (Object) "addedProperty" ) );

maven-embedder/pom.xml

@@ -146,6 +146,11 @@ under the License.
       <groupId>commons-cli</groupId>
       <artifactId>commons-cli</artifactId>
     </dependency>
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>

pom.xml

@@ -50,6 +50,7 @@ under the License.
     <javaVersion>8</javaVersion>
     <classWorldsVersion>2.6.0</classWorldsVersion>
     <commonsCliVersion>1.4</commonsCliVersion>
+    <commonsIoVersion>2.11.0</commonsIoVersion>
     <commonsLangVersion>3.8.1</commonsLangVersion>
     <junitVersion>4.13.2</junitVersion>
     <mockitoVersion>2.21.0</mockitoVersion>
@@ -339,6 +340,13 @@ under the License.
         <groupId>org.apache.maven.shared</groupId>
         <artifactId>maven-shared-utils</artifactId>
         <version>3.3.4</version>
+        <exclusions>
+          <!-- We use org.apache.maven.shared.utils.logging only in Maven Core -->
+          <exclusion>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.fusesource.jansi</groupId>
@@ -377,6 +385,13 @@ under the License.
         <groupId>org.apache.maven.wagon</groupId>
         <artifactId>wagon-http</artifactId>
         <version>${wagonVersion}</version>
+        <exclusions>
+          <!-- Not used at all -->
+          <exclusion>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <!--  Repository -->
       <dependency>
@@ -435,6 +450,11 @@ under the License.
           </exclusion>
         </exclusions>
       </dependency>
+      <dependency>
+        <groupId>commons-io</groupId>
+        <artifactId>commons-io</artifactId>
+        <version>${commonsIoVersion}</version>
+      </dependency>
       <dependency>
         <groupId>commons-jxpath</groupId>
         <artifactId>commons-jxpath</artifactId>