
Commit 1eaa577

mihirgtmihir gore
andauthored
Fix transitive dependency vulnerability (#47)
Co-authored-by: mihir gore <[email protected]>
1 parent 3ed2ef2 commit 1eaa577


1 file changed

+3
-1
lines changed


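--- a/data-model/build.gradle.kts
+++ b/data-model/build.gradle.kts
@@ -4,6 +4,7 @@ plugins {
 id("org.hypertrace.avro-plugin") version "0.3.1"
 id("org.hypertrace.publish-plugin")
 id("org.hypertrace.jacoco-report-plugin")
+id("org.owasp.dependencycheck") version "8.2.1"
 }
 
 tasks.test {
@@ -13,8 +14,9 @@ tasks.test {
 dependencies {
 api("org.apache.avro:avro:1.11.3")
 constraints {
-api("org.apache.commons:commons-compress:1.21") {
+api("org.apache.commons:commons-compress:1.24.0") {
 because("Multiple vulnerabilities in avro-declared version")
+because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")
 }
 api("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
 because("version 2.12.7.1 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424")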
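Review bot: The `org.owasp.dependencycheck` plugin added in the first hunk is applied with no configuration, so as far as this section shows the scan only runs when someone invokes its task and never fails a build. If the aim is to catch the next vulnerable transitive dependency, add a gate such as `dependencyCheck { failBuildOnCVSS = 7.0f }` (the threshold is an example) and confirm that CI runs `dependencyCheckAnalyze`. In the second hunk the commons-compress constraint now calls `because(...)` twice; Gradle keeps a single reason per constraint, so the CVE link most likely replaces the earlier text in dependency reports rather than adding to it. Folding both into one call, `because("Multiple vulnerabilities in avro-declared version, see https://nvd.nist.gov/vuln/detail/CVE-2023-42503")`, keeps both. The `plugins` and `constraints` blocks both extend beyond the lines shown.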
