Update snappy to 1.1.10.4 due to recurring CVE
rossabaker committed Oct 9, 2023
1 parent a54baa3 commit 65130c9
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions build.sbt
@@ -43,6 +43,7 @@ val V = new {
val munitCE3 = "1.0.7"
val scalatest = "3.2.17"
val scalatestPlus = "3.2.3.0"
val snappy = "1.1.10.4"
val vulcan = "1.9.0"
}

@@ -177,6 +178,7 @@ lazy val commonSettings = Seq(
libraryDependencies ++= Seq(
"co.fs2" %% "fs2-core" % V.fs2,
"org.apache.kafka" % "kafka-clients" % V.kafka,
"org.xerial.snappy" % "snappy-java" % V.snappy, // multiple CVE, doesn't work as Runtime
"io.confluent" % "kafka-avro-serializer" % V.confluent,
"org.apache.avro" % "avro" % V.avro, // CVE-2023-39410, didn't work as Runtime
"org.apache.commons" % "commons-compress" % V.commonsCompress, // CVE-2023-42503, didn't work as Runtime
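Review bot: The comment on the new `snappy-java` line in `commonSettings` says only "multiple CVE", while the neighbouring avro and commons-compress pins name their advisory, so a later reader cannot tell which fixes 1.1.10.4 is required for or when the pin can be dropped. I would name the ids and the reason, e.g. `// CVE-XXXX-XXXXX (placeholder: list the advisory ids); pins the transitively resolved version, drop once upstream ships >= 1.1.10.4`. Presumably snappy-java arrives through `kafka-clients`, but that is not visible in this hunk, so confirm it before writing it into the comment. If the pin only has to affect this build's resolution and not the published POM, `dependencyOverrides += "org.xerial.snappy" % "snappy-java" % V.snappy` would avoid declaring a direct compile-scope dependency; if downstream consumers are meant to inherit the fixed version, the direct dependency is the right choice and the comment should say so. The `Seq(` continues past the end of the hunk.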
