Skip to content

Commit

Permalink
CVE fixes
Browse files Browse the repository at this point in the history
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>
Signed-off-by: Asif Sohail Mohammed <[email protected]>
  • Loading branch information
asifsmohammed committed Sep 26, 2023
1 parent fee636c commit e40fbb1
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 5 deletions.
36 changes: 33 additions & 3 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -141,19 +141,25 @@ subprojects {
}
implementation('net.minidev:json-smart') {
version {
require '2.4.11'
require '2.5.0'
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-http') {
version {
require '11.0.15'
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-server') {
version {
require '11.0.15'
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-servlets') {
version {
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
Expand All @@ -169,6 +175,30 @@ subprojects {
}
because 'Fixes CVE-2023-35165, CVE-2023-34455, CVE-2023-34453, CVE-2023-34454, CVE-2023-2976'
}
implementation('com.squareup.okio:okio-jvm') {
version {
require '3.5.0'
}
because 'CVE from transitive dependencies'
}
implementation('com.charleskorn.kaml:kaml') {
version {
require '0.55.0'
}
because 'CVE from transitive dependencies'
}
implementation('org.bitbucket.b_c:jose4j') {
version {
require '0.9.3'
}
because 'CVE from transitive dependencies'
}
implementation('org.scala-lang:scala-library') {
version {
require '2.13.12'
}
because 'CVE from transitive dependencies'
}
}
}

Expand Down
4 changes: 2 additions & 2 deletions settings.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ dependencyResolutionManagement {
library('armeria-core', 'com.linecorp.armeria', 'armeria').versionRef('armeria')
library('armeria-grpc', 'com.linecorp.armeria', 'armeria-grpc').versionRef('armeria')
library('armeria-junit', 'com.linecorp.armeria', 'armeria-junit5').versionRef('armeria')
version('protobuf', '3.21.11')
version('protobuf', '3.24.3')
library('protobuf-core', 'com.google.protobuf', 'protobuf-java').versionRef('protobuf')
library('protobuf-util', 'com.google.protobuf', 'protobuf-java-util').versionRef('protobuf')
version('opentelemetry', '0.16.0-alpha')
Expand All @@ -37,7 +37,7 @@ dependencyResolutionManagement {
version('bouncycastle', '1.76')
library('bouncycastle-bcprov', 'org.bouncycastle', 'bcprov-jdk18on').versionRef('bouncycastle')
library('bouncycastle-bcpkix', 'org.bouncycastle', 'bcpkix-jdk18on').versionRef('bouncycastle')
version('guava', '32.0.1-jre')
version('guava', '32.1.2-jre')
library('guava-core', 'com.google.guava', 'guava').versionRef('guava')
library('commons-lang3', 'org.apache.commons', 'commons-lang3').version('3.13.0')
library('commons-io', 'commons-io', 'commons-io').version('2.13.0')
Expand Down

0 comments on commit e40fbb1

Please sign in to comment.