Replace commons codec

[jasonsoooz]

Hi,

At work, we use your twilio library to send sms messages. We use Sonatype vulnerability scanner to scan our code base for security vulnerabilities. Apache commons codec was picked up with issues for Base64, BCodec, Base32 classes. There's no CVE (Common Vulnerabilities and Exposures), but Sonatype raised an internal issue referencing apache issue below.

https://issues.apache.org/jira/browse/CODEC-134

The fix was to use java util Base64 encoder and remove apache commons codec dependency. Maven tests passed.

I also added Spotbugs scan to the compile phase to highlight potential issues, which doesn't fail the build on error. You can kick it off independently using 'mvn spotbugs:check'.

Contributing to Twilio

All third-party contributors acknowledge that any contributions they provide will be made under the same open-source license that the open-source project is provided under.

• I acknowledge that all my contributions will be made under the project's license.

[jasonsoooz]

Apologies, original solution was using Java 8 util Base64 class. Have changed it to java 7 compatible DatatypeConverter. Also removed spotbugs scan from compile phase as it was slowing down feedback.

[thinkingserious]

Well done @jasonsoooz, thank you!

For reference:

The fixed version of the commons-codec is 1.13, which is not included in the latest version of org.apache.httpcomponents/httpclient (4.5.9)

[thinkingserious]

Hello @jasonsoooz,

Could you please check the box next to "I acknowledge that all my contributions will be made under the project's license." so that we may merge this PR?

Thanks!

With best regards,

Elmer

[jasonsoooz]

I've checked the box, thanks.

[jasonsoooz]

Hi @thinkingserious, I've checked the box thanks