Enforce safe version of maven:commons-io:commons-io in libraries/tools

snpefk · Space Team · commit 963f13009222 · 2025-08-20T09:11:27.000Z
#KT-80213
diff --git a/libraries/pom.xml b/libraries/pom.xml
@@ -110,6 +110,18 @@
         </dependency>
     </dependencies>
 
+    <dependencyManagement>
+      <dependencies>
+        <dependency>
+          <!-- Force commons-io to 2.18.0 because of vulnerability -->
+          <!-- KT-80213 Vulnerability in tools/kotlin-maven-plugin-test/pom.xml -->
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+          <version>2.18.0</version>
+        </dependency>
+      </dependencies>
+    </dependencyManagement>
+
     <build>
         <pluginManagement>
             <plugins>
diff --git a/repo/artifacts-tests/src/test/resources/org/jetbrains/kotlin/kotlin-project/kotlin-project.pom b/repo/artifacts-tests/src/test/resources/org/jetbrains/kotlin/kotlin-project/kotlin-project.pom
@@ -110,6 +110,18 @@
         </dependency>
     </dependencies>
 
+    <dependencyManagement>
+      <dependencies>
+        <dependency>
+          <!-- Force commons-io to 2.18.0 because of vulnerability -->
+          <!-- KT-80213 Vulnerability in tools/kotlin-maven-plugin-test/pom.xml -->
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+          <version>2.18.0</version>
+        </dependency>
+      </dependencies>
+    </dependencyManagement>
+
     <build>
         <pluginManagement>
             <plugins>
