From 89fbd544afd55f18ecab7a448a3eb7bc2a0f2bb1 Mon Sep 17 00:00:00 2001
From: Alexander Kiel
Date: Mon, 11 Nov 2024 16:53:21 +0100
Subject: [PATCH] Update FHIR Validation to v6.4.0 CVE-2024-51132
---
 modules/admin-api/deps.edn | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/modules/admin-api/deps.edn b/modules/admin-api/deps.edn
index f75e293b9..9bd4c3e0a 100644
--- a/modules/admin-api/deps.edn
+++ b/modules/admin-api/deps.edn
@@ -60,9 +60,26 @@
 info.cqframework/model
 org.apache.commons/commons-collections4]}
- ;; CVE-2024-26308, we need at least 1.26.0
- org.apache.commons/commons-compress
- {:mvn/version "1.27.1"}
+ ;; normally contained in ca.uhn.hapi.fhir/hapi-fhir-validation
+ ;; CVE-2024-51132, we need at least 6.4.0
+ ca.uhn.hapi.fhir/org.hl7.fhir.validation
+ {:mvn/version "6.4.0"
+ :exclusions
+ [net.sf.saxon/Saxon-HE
+ org.ogce/xpp3
+ ognl/ognl
+ org.attoparser/attoparser
+ org.unbescape/unbescape
+ org.xerial/sqlite-jdbc
+ commons-beanutils/commons-beanutils
+ org.apache.httpcomponents/httpclient
+ info.cqframework/cql
+ info.cqframework/qdm
+ info.cqframework/quick
+ info.cqframework/cql-to-elm
+ info.cqframework/elm
+ info.cqframework/model
+ org.apache.commons/commons-collections4]}
 ca.uhn.hapi.fhir/hapi-fhir-structures-r4
 {:mvn/version "7.4.5"
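Review bot: The removed `org.apache.commons/commons-compress` pin was the only visible guarantee of the CVE-2024-26308 floor (1.26.0), and nothing in this hunk shows which version resolves transitively once it is gone. Check the resolved tree for modules/admin-api (for example with `clojure -X:deps tree`) and confirm commons-compress is still at 1.26.0 or later; if it is not, keep the old pin alongside the new one. The new top-level `ca.uhn.hapi.fhir/org.hl7.fhir.validation` entry also overrides whatever version hapi-fhir-validation would otherwise select, so a comment such as `;; drop this override once hapi-fhir-validation itself depends on >= 6.4.0` would keep it from going stale. The enclosing map starts and ends outside the hunk.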