Skip to content

Commit

Permalink
Resolves transitive dependencies for 2.7.0 (#4308)
Browse files Browse the repository at this point in the history
Updates transitive dependencies to resolve CVE-2023-51775, CVE-2024-23944, CVE-2023-52428. Move some constraints such that they are only in the projects needing them. Resolves #4282, #4290, #4296.

Signed-off-by: David Venable <[email protected]>
  • Loading branch information
dlvenable authored Mar 21, 2024
1 parent 2a02080 commit 507b2ed
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 11 deletions.
10 changes: 2 additions & 8 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,9 @@ subprojects {
}
implementation('org.apache.zookeeper:zookeeper') {
version {
require '3.7.2'
require '3.8.4'
}
because 'Fixes CVE-2023-44981'
because 'Fixes CVE-2024-23944, CVE-2023-44981'
}
implementation('com.google.code.gson:gson') {
version {
Expand Down Expand Up @@ -224,12 +224,6 @@ subprojects {
}
because 'Fixes CVE-2023-51074 from transitive dependencies'
}
implementation('org.bitbucket.b_c:jose4j') {
version {
require '0.9.3'
}
because 'CVE from transitive dependencies'
}
implementation('org.scala-lang:scala-library') {
version {
require '2.13.12'
Expand Down
6 changes: 6 additions & 0 deletions data-prepper-plugins/kafka-plugins/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,12 @@ dependencies {
}
because 'Fixes SNYK-JAVA-ORGMOZILLA-1314295.'
}
implementation('org.bitbucket.b_c:jose4j') {
version {
require '0.9.4'
}
because 'Fixes CVE-2023-51775 and other CVEs from transitive dependencies'
}
}
}

Expand Down
2 changes: 1 addition & 1 deletion data-prepper-plugins/parquet-codecs/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ dependencies {
version {
require '9.37.1'
}
because 'Fixes CVE-2021-31684 and CVE-2023-1370 by using a newer shaded version of json-smart.'
because 'Fixes CVE-2023-52428, CVE-2021-31684 and CVE-2023-1370 by using a newer shaded version of json-smart.'
}
}
}
Expand Down
4 changes: 2 additions & 2 deletions data-prepper-plugins/s3-sink/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,9 @@ dependencies {
constraints {
implementation('com.nimbusds:nimbus-jose-jwt') {
version {
require '9.37.1'
require '9.37.2'
}
because 'Fixes CVE-2021-31684 and CVE-2023-1370 by using a newer shaded version of json-smart.'
because 'Fixes CVE-2023-52428, CVE-2021-31684 and CVE-2023-1370 by using a newer shaded version of json-smart.'
}
}
}
Expand Down

0 comments on commit 507b2ed

Please sign in to comment.