fix: address various Dependabot warnings (#1107)

smithy-lang · Jun 25, 2024 · 9c11614 · 9c11614
1 parent a63d341
commit 9c11614
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -25,7 +25,7 @@ kotlin-compile-testing-version = "1.5.0"
 kotlinx-benchmark-version = "0.4.9"
 kotlinx-serialization-version = "1.6.0"
 docker-java-version = "3.3.6"
-ktor-version = "2.3.6"
+ktor-version = "2.3.12"
 kaml-version = "0.55.0"
 jsoup-version = "1.16.2"
 

diff --git a/runtime/protocol/http-client-engines/test-suite/build.gradle.kts b/runtime/protocol/http-client-engines/test-suite/build.gradle.kts
@@ -43,6 +43,12 @@ kotlin {
         jvmTest {
             dependencies {
                 implementation(libs.docker.core)
+                // FIXME docker-java has a ton of dependencies with vulnerabilities, and they don't seem motivated to fix them.
+                // So we must override their dependencies with the latest patched versions. https://github.com/docker-java/docker-java/issues/1974
+                implementation("com.fasterxml.jackson.core:jackson-databind:2.12.7.1") // https://github.com/docker-java/docker-java/issues/2177
+                implementation("org.apache.commons:commons-compress:1.26.0") // https://github.com/docker-java/docker-java/pull/2256
+                implementation("org.bouncycastle:bcpkix-jdk18on:1.78") // https://github.com/docker-java/docker-java/pull/2326
+
                 implementation(libs.docker.transport.zerodep)
             }
         }