Skip to content

Commit

Permalink
Merge pull request #797 from Banno/update-snappy
Browse files Browse the repository at this point in the history
Update snappy to 1.1.10.4 due to recurring CVE
  • Loading branch information
rossabaker authored Oct 9, 2023
2 parents 78be825 + a2d8a2d commit c27116c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions build.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ val V = new {
val munitCE3 = "1.0.7"
val scalatest = "3.2.17"
val scalatestPlus = "3.2.3.0"
val snappy = "1.1.10.4"
val vulcan = "1.9.0"
}

Expand Down Expand Up @@ -180,6 +181,7 @@ lazy val commonSettings = Seq(
libraryDependencies ++= Seq(
"co.fs2" %% "fs2-core" % V.fs2,
"org.apache.kafka" % "kafka-clients" % V.kafka,
"org.xerial.snappy" % "snappy-java" % V.snappy, // multiple CVE, doesn't work as Runtime
"io.confluent" % "kafka-avro-serializer" % V.confluent,
"org.apache.avro" % "avro" % V.avro, // CVE-2023-39410, didn't work as Runtime
"org.apache.commons" % "commons-compress" % V.commonsCompress, // CVE-2023-42503, didn't work as Runtime
Expand Down

0 comments on commit c27116c

Please sign in to comment.