From 3fb15f578ce895efac6fbc755df1b25f6888aa18 Mon Sep 17 00:00:00 2001 From: julianladisch Date: Mon, 29 Aug 2022 18:21:00 +0200 Subject: [PATCH] Upgrade okhttp, kotlin-stdlib, junit fixing vulnerabilities (#1361) - Upgrade okttp to 4.10.0 fixing Information Exposure vuln Upgrade com.squareup.okhttp3:okhttp from 4.8.1 to 4.10.0 fixing an information exposure vulnerability: https://security.snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044 This indirectly upgrades org.jetbrains.kotlin:kotlin-stdlib from 1.3.72 to 1.6.20 fixing an improper locking vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-24329 - Upgrade to junit 4.13.2 fixing Information Exposure (CVE-2020-15250) Upgrade junit from 4.13 to 4.13.2 fixing an Information Exposure vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-15250 --- build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index 6099ef331..00334217d 100644 --- a/build.gradle +++ b/build.gradle @@ -53,7 +53,7 @@ subprojects { dependencies { compile "com.carrotsearch.thirdparty:simple-xml-safe:2.7.1" compile "com.google.guava:guava:30.1.1-jre" - compile "com.squareup.okhttp3:okhttp:4.8.1" + compile "com.squareup.okhttp3:okhttp:4.10.0" compile "com.fasterxml.jackson.core:jackson-annotations:2.13.2" compile "com.fasterxml.jackson.core:jackson-core:2.13.2" compile "com.fasterxml.jackson.core:jackson-databind:2.13.2.2" @@ -63,7 +63,7 @@ subprojects { compileOnly "com.github.spotbugs:spotbugs-annotations:4.1.2" testImplementation "com.squareup.okhttp3:mockwebserver:4.8.1" - testImplementation "junit:junit:4.13" + testImplementation "junit:junit:4.13.2" } [compileJava, compileTestJava].each() { @@ -362,7 +362,7 @@ import org.gradle.internal.os.OperatingSystem; project(':functional') { dependencies { - compile "junit:junit:4.13" + compile "junit:junit:4.13.2" compile project(':api') compile project(':adminapi') }