
Commit 305778c

Upgrade vulnerable dependencies (#534)
1 parent c8ef87a commit 305778c


3 files changed

+24
-12
lines changed


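--- a/README.md
+++ b/README.md
@@ -139,12 +139,6 @@ tw CLI is a platform binary executable created by a native compilation from Java
 
 This ensures that SDKMan uses the tower-cli project-specific `.sdkmanrc` configuration.
 
-1. Install `native-image`:
-
-```bash
-gu install native-image
-```
-
 1. Export your Github credentials. Github requires authentication for public packages (the token only requires the `read:packages` scope):
 
 ```bash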

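--- a/build.gradle
+++ b/build.gradle
@@ -25,18 +25,28 @@ repositories {
 dependencies {
 implementation 'javax.activation:activation:1.1.1'
 implementation 'org.slf4j:slf4j-api:1.7.36'
-implementation 'ch.qos.logback:logback-core:1.2.11'
-implementation 'ch.qos.logback:logback-classic:1.2.11'
+implementation 'ch.qos.logback:logback-core:1.5.18'
+implementation 'ch.qos.logback:logback-classic:1.5.18'
+
 implementation 'io.seqera.tower:tower-java-sdk:1.43.1'
+// Upgrade transitive Jersey client dependencies to non-vulnerable 2.x version
+implementation "org.glassfish.jersey.core:jersey-client:2.47"
+implementation "org.glassfish.jersey.media:jersey-media-multipart:2.47"
+implementation "org.glassfish.jersey.media:jersey-media-json-jackson:2.47"
+implementation "org.glassfish.jersey.inject:jersey-hk2:2.47"
+
 implementation 'info.picocli:picocli:4.6.3'
-implementation 'org.apache.commons:commons-compress:1.22'
+implementation 'org.apache.commons:commons-compress:1.28.0'
 implementation 'org.tukaani:xz:1.9'
 implementation 'io.github.classgraph:classgraph:4.8.165'
 annotationProcessor 'info.picocli:picocli-codegen:4.6.3'
 
-testImplementation 'org.mock-server:mockserver-client-java:5.13.0'
-testImplementation 'org.mock-server:mockserver-netty:5.13.0'
-testImplementation 'org.mock-server:mockserver-junit-jupiter:5.13.0'
+testImplementation 'org.mock-server:mockserver-client-java:5.15.0'
+testImplementation 'org.mock-server:mockserver-netty:5.15.0'
+testImplementation 'org.mock-server:mockserver-junit-jupiter:5.15.0'
+// Upgrade transitive mock-server dependencies to non-vulnerable 2.x version
+testImplementation 'commons-io:commons-io:2.20.0'
+
 testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
 testImplementation 'org.junit.jupiter:junit-jupiter-params:5.8.2'
 testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2'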
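Review bot: The unchanged context line `implementation 'org.slf4j:slf4j-api:1.7.36'` no longer describes what ships, because logback 1.3 and later are built against the SLF4J 2.x API, so with `logback-classic:1.5.18` Gradle's conflict resolution will most likely raise slf4j-api to a 2.x release on its own. Declaring that explicitly, e.g. `implementation 'org.slf4j:slf4j-api:<2.x version matching logback 1.5.18>'`, keeps the build file accurate for reviewers and dependency scanners. SLF4J 2.x locates its provider through ServiceLoader rather than a static binder, so it is worth confirming that the native-image binary still emits log output after this change. The four Jersey pins and the commons-io pin could also live in a `constraints { }` block, which overrides the transitive versions without turning them into direct dependencies. The `dependencies` block closes outside this hunk.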

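--- a/conf/reflect-config.json
+++ b/conf/reflect-config.json
@@ -5050,6 +5050,14 @@
 "allDeclaredFields":true,
 "allDeclaredMethods":true
 },
+{
+"name": "org.glassfish.jersey.jackson.internal.DefaultJacksonJaxbJsonProvider",
+"allDeclaredConstructors": true
+},
+{
+"name": "com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector",
+"allDeclaredConstructors": true
+},
 {
 "name":"org.jvnet.hk2.internal.DynamicConfigurationServiceImpl",
 "allDeclaredFields":true,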
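Review bot: The first new entry registers a class from a Jersey `internal` package, `org.glassfish.jersey.jackson.internal.DefaultJacksonJaxbJsonProvider`, so a later Jersey bump that moves or renames it would leave the entry stale, and the failure would presumably surface only at runtime in the native binary. A native-image smoke test that round-trips one JSON request through the client would catch that before release. The new entries are also written as `"name": ` with a space where the neighbouring ones use `"name":`, which suggests a hand edit to what looks like a generated file. If the file is ever regenerated these two entries need to be re-added, and since JSON cannot carry a comment that is worth recording in the commit description or README. The enclosing array starts and ends outside this hunk.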
