From 1d7fda885186caef197fd7b74beb0e6837a7a7f0 Mon Sep 17 00:00:00 2001 From: John Andre Hestad Date: Thu, 28 Sep 2023 14:13:35 +0200 Subject: [PATCH] Bump usikre dependencies --- build.gradle.kts | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/build.gradle.kts b/build.gradle.kts index 2667682002..3bb66c332e 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -169,6 +169,56 @@ subprojects { require("3.2.2") } } + + implementation("org.xerial.snappy:snappy-java ") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/12 https://github.com/advisories/GHSA-55g7-9cwv-5qfv") + version { + require("1.1.10.4") + } + } + implementation("org.eclipse.jgit:org.eclipse.jgit") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/11 https://github.com/advisories/GHSA-3p86-9955-h393") + version { + require("6.7.0.202309050840-r") + } + } + implementation("org.apache.commons:commons-compress") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/10 https://github.com/advisories/GHSA-cgwf-w82q-5jrr") + version{ + require("") + } + } + implementation("org.bouncycastle:bcprov-jdk15on") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/1 https://github.com/advisories/GHSA-6xx3-rg99-gc3p https://github.com/navikt/su-se-bakover/security/dependabot/8 https://github.com/advisories/GHSA-hr8g-6v94-x4m9") + version{ + // TODO jah: Regarding PR 8: This version is still affected, but no fix yet. + require("1.70") + } + } + implementation("com.squareup.okio:okio") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/6 https://github.com/advisories/GHSA-w33c-445m-f8w7") + version{ + require("3.4.0") + } + } + implementation("io.netty:netty-handler") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/3 https://github.com/advisories/GHSA-6mjq-h674-j845") + version{ + require("4.1.94.Final") + } + } + implementation("com.google.guava:guava") { + because("https://github.com/navikt/su-se-bakover/security/dependabot/2 https://github.com/advisories/GHSA-7g45-4rm6-3mm3 https://github.com/navikt/su-se-bakover/security/dependabot/7 https://github.com/advisories/GHSA-5mg8-w23w-74h3") + version{ + require("32.1.2-jre") + } + } + implementation("com.google.j2objc:j2objc-annotations") { + because("Required by: com.google.guava:guava:32.1.2-jre") + version { + require("2.8") + } + } } }