diff --git a/gradle/versions.gradle b/gradle/versions.gradle index a3df10814..53e73db47 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -33,7 +33,7 @@ dependencyManagement { dependency 'info.picocli:picocli:4.6.2' - dependencySet(group: 'io.vertx', version: '4.4.1') { + dependencySet(group: 'io.vertx', version: '4.4.4') { entry 'vertx-codegen' entry ('vertx-core') { exclude group: 'io.netty', name: 'netty-handler' @@ -129,11 +129,12 @@ dependencyManagement { dependency 'com.github.arteam:simple-json-rpc-server:1.3' dependency 'com.github.arteam:simple-json-rpc-client:1.3' - dependencySet(group: 'com.azure', version: '4.6.0') { + dependencySet(group: 'com.azure', version: '4.6.3') { entry 'azure-security-keyvault-secrets' entry 'azure-security-keyvault-keys' } - dependency 'com.azure:azure-identity:1.8.1' + dependency 'com.azure:azure-identity:1.9.2' + dependency 'com.azure:azure-core-http-netty:1.13.5' dependency 'com.zaxxer:HikariCP:5.0.1' dependency 'org.postgresql:postgresql:42.5.3' @@ -177,10 +178,22 @@ dependencyManagement { */ dependency 'com.squareup.okhttp3:logging-interceptor:4.10.0' - // addressing CVE-2022-41881, CVE-2022-41915 - dependency 'io.netty:netty-all:4.1.94.Final' - // CVE-2023-34462 - dependency 'io.netty:netty-handler:4.1.94.Final' + dependencySet(group: 'com.squareup.okhttp3', version: '4.11.0') { + entry 'okhttp' + entry 'mockwebserver' + } + + // addresses CVE-2023-3635 + dependency 'com.squareup.okio:okio:3.4.0' + + // addressing CVE-2022-41881, CVE-2022-41915, CVE-2023-34462 + dependencySet(group: 'io.netty', version: '4.1.95.Final') { + entry 'netty-all' + entry 'netty-handler' + entry 'netty-resolver-dns' + entry 'netty-transport' + entry 'netty-resolver-dns-native-macos' + } /* io.projectreactor.netty:reactor-netty-http:1.0.18 // CVE-2022-31684 \--- com.azure:azure-core-http-netty:1.12.0