Bump transitive build and test dependencies to fix security vulnerabi…

…lities.
smarkwal · Apr 15, 2024 · 3034f9e · 3034f9e
1 parent a1b66e5
commit 3034f9e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -29,6 +29,15 @@ plugins {
 
 }
 
+buildscript {
+    dependencies {
+        // fix CVE-2023-3635 in Okio < 3.4.0
+        // (indirect dependency of Gradle Versions Plugin 0.51.0)
+        classpath("com.squareup.okio:okio:3.9.0")
+        classpath("com.squareup.okio:okio-jvm:3.9.0")
+    }
+}
+
 allprojects {
 
     // load user-specific properties -------------------------------------------

diff --git a/jarhc-release-tests/build.gradle.kts b/jarhc-release-tests/build.gradle.kts
@@ -54,6 +54,10 @@ dependencies {
     runtimeOnly("org.slf4j:slf4j-api:2.0.13")
     runtimeOnly("org.slf4j:slf4j-simple:2.0.13")
 
+    // fix CVE-2024-25710 and CVE-2024-26308 in Commons Compress < 1.26.0
+    // (dependency of Testcontainers 1.19.7)
+    implementation("org.apache.commons:commons-compress:1.26.1")
+
 }
 
 // plugin configurations -------------------------------------------------------