Upgrade various libraries and add dependency check

Upgraded scribe-java to `8.3.3`
Added owasp dependency checker

Author: Darren Greaves

README.md

@@ -41,7 +41,7 @@ An API key is required to use this API.  You can [request one on Flickr](http://
 
 #### Required libraries
 
-- [scribejava-api (v 6.9.0 onwards)](https://github.com/scribejava/scribejava) (required for the OAuth functionality)
+- [scribejava-api (v8.3.3 onwards)](https://github.com/scribejava/scribejava) (required for the OAuth functionality)
 - [SLF4J](https://www.slf4j.org) (runtime dependency for logging)
 
 [See here](https://www.slf4j.org/manual.html#swapping) for details on how to choose and configure an SLF4J logging library.
@@ -76,3 +76,10 @@ Run tests as follows.
 
 Expect lots of failures and general flakiness as data has changed on Flickr and the tests or data need updating.
 
+### Dependency checker
+
+[OWASP dependency-check](https://github.com/jeremylong/DependencyCheck) is configured in the pom.xml.
+
+To run a dependency check
+
+    mvn -U clean verify -P dependency-check

config/dependencyCheckSuppression.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
+
+</suppressions>

pom.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>com.flickr4java</groupId>
@@ -11,20 +12,20 @@
     <url>https://github.com/boncey/Flickr4Java</url>
 
     <developers>
-      <developer>
-        <id>boncey</id>
-        <name>Darren Greaves</name>
-        <roles>
-          <role>developer</role>
-        </roles>
-      </developer>
-      <developer>
-        <id>callmeal</id>
-        <name>Allan</name>
-        <roles>
-          <role>developer</role>
-        </roles>
-      </developer>
+        <developer>
+            <id>boncey</id>
+            <name>Darren Greaves</name>
+            <roles>
+                <role>developer</role>
+            </roles>
+        </developer>
+        <developer>
+            <id>callmeal</id>
+            <name>Allan</name>
+            <roles>
+                <role>developer</role>
+            </roles>
+        </developer>
     </developers>
 
     <licenses>
@@ -37,9 +38,12 @@
 
     <properties>
         <javaVersion>1.8</javaVersion>
-        <junitVersion>4.13.1</junitVersion>
-        <slf4j.version>1.7.30</slf4j.version>
-        <scribe.version>6.9.0</scribe.version>
+        <junitVersion>4.13.2</junitVersion>
+        <slf4j.version>2.0.5</slf4j.version>
+        <scribe.version>8.3.3</scribe.version>
+        <dependency.check.suppression.file>config/dependencyCheckSuppression.xml</dependency.check.suppression.file>
+        <dependency.check.version>8.2.1</dependency.check.version>
+
     </properties>
 
     <dependencies>
@@ -133,7 +137,7 @@
                             <goal>jar</goal>
                         </goals>
                         <configuration>
-                            <additionalparam>-Xdoclint:none</additionalparam>
+                            <additionalOptions>-Xdoclint:none</additionalOptions>
                         </configuration>
                     </execution>
                 </executions>
@@ -182,13 +186,21 @@
                         </executions>
                     </plugin>
                     <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
+                        <version>3.2.0</version>
+                        <configuration>
+                            <source>8</source>
+                        </configuration>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
                                 <goals>
                                     <goal>jar</goal>
                                 </goals>
+                                <configuration>
+                                    <additionalOptions>-Xdoclint:none</additionalOptions>
+                                </configuration>
                             </execution>
                         </executions>
                     </plugin>
@@ -233,6 +245,33 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>dependency-check</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <version>${dependency.check.version}</version>
+                        <configuration>
+                            <suppressionFile>${dependency.check.suppression.file}</suppressionFile>
+                            <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
     <reporting>
         <plugins>

src/main/java/com/flickr4java/flickr/REST.java

@@ -8,6 +8,7 @@
 import com.flickr4java.flickr.util.IOUtilities;
 import com.flickr4java.flickr.util.OAuthUtilities;
 import com.flickr4java.flickr.util.UrlUtilities;
+import com.github.scribejava.core.httpclient.multipart.FileByteArrayBodyPartPayload;
 import com.github.scribejava.core.model.OAuth1AccessToken;
 import com.github.scribejava.core.model.OAuthRequest;
 import com.github.scribejava.core.model.Parameter;
@@ -227,9 +228,8 @@ public com.flickr4java.flickr.Response postMultiPart(String path, UploadMetaData
         // Ensure all parameters (including oauth) are added to payload so signature matches
         uploadParameters.putAll(request.getOauthParameters());
 
-        request.addFileByteArrayBodyPartPayloadInMultipartPayload(payload.getPayload(), "photo", metaData.getFilename());
-        uploadParameters.entrySet().forEach(e ->
-                request.addFileByteArrayBodyPartPayloadInMultipartPayload(null, e.getValue().getBytes(), e.getKey()));
+        request.addBodyPartPayloadInMultipartPayload(new FileByteArrayBodyPartPayload(payload.getPayload(), "photo", metaData.getFilename()));
+        uploadParameters.forEach((param, uploadPayload) -> request.addBodyPartPayloadInMultipartPayload(new FileByteArrayBodyPartPayload(uploadPayload.getBytes(), param)));
 
         try {
             return handleResponse(request, service);

src/main/java/com/flickr4java/flickr/groups/discuss/GroupDiscussInterface.java

@@ -11,13 +11,13 @@
 import java.util.HashMap;
 import java.util.Map;
 
+/**
+ * Group.Discuss Interface.
+ *
+ * @author Jonathan Willis
+ */
 public class GroupDiscussInterface {
 
-    /**
-     * Group.Discuss Interface.
-     * 
-     * @author Jonathan Willis
-     */
     public static final String METHOD_TOPICS_GET_LIST = "flickr.groups.discuss.topics.getList";
 
     public static final String METHOD_TOPICS_GET_INFO = "flickr.groups.discuss.topics.getInfo";