bumping libraries versions because of advisory #66

	# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
	# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

	name: Java CI with Maven

	on:
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]

	jobs:
	build:
	runs-on: ${{ matrix.os }}
	continue-on-error: ${{ matrix.experimental }}
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest, windows-latest]
	java: [ 8, 11, 17 ]
	experimental: [false]
	env:
	OS: ${{ matrix.os }}

	steps:
	- uses: actions/checkout@v2
	- name: Set up Java ${{ matrix.java }}
	uses: actions/setup-java@v2
	with:
	distribution: 'temurin'
	java-version: ${{ matrix.java }}
	cache: maven

	- name: Build with Maven
	run: mvn -B package --file pom.xml

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v2
	with:
	directory: ./target/site/jacoco
	files: jacoco.xml
	env_vars: OS,JAVA
	fail_ci_if_error: true
	flags: unittests
	name: codecov-umbrella
	verbose: true

	sonarcloud:
	# https://github.com/sonarsource/sonarcloud-github-action
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	with:
	# Disabling shallow clone is recommended for improving relevancy of reporting
	fetch-depth: 0
	- name: SonarCloud Scan
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=jMotif_SAX

Provide feedback