Skip to content

Commit

Permalink
Merge pull request #789 from Banno/CVE-2023-39410
Browse files Browse the repository at this point in the history
CVE-2023-39410: bump avro4s
  • Loading branch information
rossabaker authored Oct 4, 2023
2 parents 876ad98 + 6cc3464 commit 419242b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions build.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ Global / onChangedBuildSource := ReloadOnSourceChanges
val V = new {
val scalaVersion = "2.13.10"
val crossScalaVersions = List()
val avro = "1.11.3"
val avro4s = "3.1.0"
val betterMonadicFor = "0.3.1"
val cats = "2.10.0"
Expand Down Expand Up @@ -203,6 +204,7 @@ lazy val commonSettings = Seq(
"co.fs2" %% "fs2-core" % V.fs2,
"org.apache.kafka" % "kafka-clients" % V.kafka,
"io.confluent" % "kafka-avro-serializer" % V.confluent,
"org.apache.avro" % "avro" % V.avro % Compile, // CVE-2023-39410, didn't work as Runtime
"io.chrisdavenport" %% "epimetheus" % V.epimetheus,
"org.typelevel" %% "log4cats-slf4j" % V.log4cats,
// Upgrade vulnerable guava-30.1.1-jre from confluent-7.4.1. This
Expand Down

0 comments on commit 419242b

Please sign in to comment.