chore(deps):[#463] Manually update org.apache.commons:commons-compres…

…s to 1.26.1
eclipse-tractusx · Apr 10, 2024 · 513b00b · 513b00b
1 parent f6d1eeb
commit 513b00b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/irs-testing/pom.xml b/irs-testing/pom.xml
@@ -103,6 +103,18 @@
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>testcontainers</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>commons-compress</artifactId>
+                    <groupId>org.apache.commons</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- Update commons-compress manually to avoid vulnerability CVE-2024-26308, CVE-2024-25710; can be removed after testcontainers updates their dependency -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-compress</artifactId>
+            <version>${commons-compress.version}</version>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>

diff --git a/pom.xml b/pom.xml
@@ -123,6 +123,7 @@
         <maven-gpg-plugin.version>3.1.0</maven-gpg-plugin.version>
         <license-tool-plugin.version>1.1.0</license-tool-plugin.version>
         <snappy-java.version>1.1.10.5</snappy-java.version>
+        <commons-compress.version>1.26.1</commons-compress.version>
     </properties>
 
     <dependencyManagement>