Transitive vulnerable dependency

[palhoye]

Checkmarx reports the following transitive vulnerability via Gradle for "io.zonky.test:embedded-database-spring-test:2.5.0":

Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0

• CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
• CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found

[tomix26]

Thank you for the report. The fix has just been merged into the affected library here: zonkyio/embedded-postgres#128