Fix transitive dependency vulnerability (#47)
Co-authored-by: mihir gore <[email protected]>
mihirgt and mihir gore authored Oct 3, 2023
1 parent 3ed2ef2 commit 1eaa577
Showing 1 changed file with 3 additions and 1 deletion.
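--- a/data-model/build.gradle.kts
+++ b/data-model/build.gradle.kts
@@ -4,6 +4,7 @@ plugins {
 id("org.hypertrace.avro-plugin") version "0.3.1"
 id("org.hypertrace.publish-plugin")
 id("org.hypertrace.jacoco-report-plugin")
+id("org.owasp.dependencycheck") version "8.2.1"
 }
 
 tasks.test {
@@ -13,8 +14,9 @@ tasks.test {
 dependencies {
 api("org.apache.avro:avro:1.11.3")
 constraints {
-api("org.apache.commons:commons-compress:1.21") {
+api("org.apache.commons:commons-compress:1.24.0") {
 because("Multiple vulnerabilities in avro-declared version")
+because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")
 }
 api("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
 because("version 2.12.7.1 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424")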
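Review bot: The second `because(...)` added to the commons-compress constraint most likely replaces the first instead of adding to it, since Gradle appears to keep a single reason string per constraint; dependency reports would then show only the NVD URL and lose "Multiple vulnerabilities in avro-declared version". Folding both into one call keeps the full rationale, e.g. `because("Multiple vulnerabilities in avro-declared version, incl. https://nvd.nist.gov/vuln/detail/CVE-2023-42503")`. Separately, in the plugins hunk `org.owasp.dependencycheck` is applied with an inline version and no visible `dependencyCheck { }` configuration. Unless that is set outside these hunks, the scan only reports and never fails the build, so consider setting `failBuildOnCVSS` to an agreed threshold and running the check in CI.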
