From dc938219a73e62087d581cfa55b983a5e3e218c2 Mon Sep 17 00:00:00 2001
From: Vijayan Balasubramanian
Date: Tue, 12 Mar 2024 12:03:01 -0700
Subject: [PATCH] Adjusted dependency versions to address CVEs

Adjusted com.github.seancfoley:ipaddress version to address CVE. Adjusted org.apache.commons:commons-compress to address CVE. Added commons-io:commons-io due to above update.

Signed-off-by: Vijayan Balasubramanian
---
 CHANGELOG.md | 1 +
 build.gradle | 2 +-
 libs/h3/build.gradle | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e0c309aa..6e3ac964 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ See the [CONTRIBUTING guide](./CONTRIBUTING.md#Changelog) for instructions on ho
 ### Features
 ### Enhancements
 ### Bug Fixes
+* Adjusted dependency versions to address CVEs ([#635](https://github.com/opensearch-project/geospatial/pull/635))
 ### Infrastructure
 ### Documentation
 ### Maintenance
diff --git a/build.gradle b/build.gradle
index 8618bed2..8a08474d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -171,7 +171,7 @@ dependencies {
 implementation "org.apache.commons:commons-csv:1.10.0"
 zipArchive group: 'org.opensearch.plugin', name:'opensearch-job-scheduler', version: "${opensearch_build}"
 compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}"
- implementation "com.github.seancfoley:ipaddress:5.4.0"
+ implementation "com.github.seancfoley:ipaddress:5.4.2"
 }
 licenseHeaders.enabled = true
diff --git a/libs/h3/build.gradle b/libs/h3/build.gradle
index c0ff95e4..a9f7172a 100644
--- a/libs/h3/build.gradle
+++ b/libs/h3/build.gradle
@@ -38,7 +38,8 @@ dependencies {
 api "org.apache.logging.log4j:log4j-api:${versions.log4j}"
 api "org.apache.logging.log4j:log4j-core:${versions.log4j}"
 testImplementation "org.opensearch.test:framework:${opensearch_version}"
- testImplementation "org.apache.commons:commons-compress:1.21"
+ testImplementation 'commons-io:commons-io:2.15.1'
+ testImplementation "org.apache.commons:commons-compress:1.26.0"
 testImplementation "org.apache.lucene:lucene-spatial3d:${versions.lucene}"
 }
 licenseFile = "LICENSE.txt"
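Review bot: The added `testImplementation 'commons-io:commons-io:2.15.1'` line has no comment tying it to the commons-compress bump below it, and the commit message says only that it was added "due to above update", so a later cleanup could drop it or let the two versions drift apart. I would put a comment above it such as `// needed on the test classpath by commons-compress 1.26.0; bump the two together`; the wording is inferred from the commit message, so confirm it against the commons-compress 1.26.0 POM and check whether that POM lists any other new dependency this block would also have to declare. Neither the commit message nor the build files name the CVEs being fixed, here or for the ipaddress bump in build.gradle, so record the advisory ids next to the pinned versions (e.g. `// addresses <CVE-ID>`) so that scanner findings can be matched to this change and the pins are not lowered later. As a style point, the new line uses single quotes while every neighbouring coordinate in this block uses double quotes.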