Skip to content

Commit 69effa9

Browse files
ndr-brtndr-brt
authored
build(deps): force transitive dependencies to fix security checks (#1817)
* build(deps): force transitive dependencies to fix security checks * dependencies
1 parent 3dd92b4 commit 69effa9

File tree

2 files changed

+26
-20
lines changed

2 files changed

+26
-20
lines changed

DEPENDENCIES

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -7,16 +7,20 @@ maven/mavencentral/com.apicatalog/titanium-json-ld/1.0.0, Apache-2.0, approved,
77
maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #15200
88
maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.1, Apache-2.0, approved, #15200
99
maven/mavencentral/com.apicatalog/titanium-json-ld/1.5.0, Apache-2.0, approved, #19372
10+
maven/mavencentral/com.azure/azure-core-http-netty/1.15.10, MIT AND Apache-2.0, approved, #16697
1011
maven/mavencentral/com.azure/azure-core-http-netty/1.15.6, MIT AND Apache-2.0, approved, #16697
1112
maven/mavencentral/com.azure/azure-core-http-netty/1.15.7, MIT AND Apache-2.0, approved, #16697
1213
maven/mavencentral/com.azure/azure-core/1.54.0, MIT, approved, clearlydefined
1314
maven/mavencentral/com.azure/azure-core/1.54.1, MIT, approved, clearlydefined
15+
maven/mavencentral/com.azure/azure-core/1.55.2, , restricted, clearlydefined
1416
maven/mavencentral/com.azure/azure-identity/1.15.0, MIT, approved, #18662
1517
maven/mavencentral/com.azure/azure-json/1.3.0, MIT, approved, clearlydefined
18+
maven/mavencentral/com.azure/azure-json/1.4.0, MIT, approved, clearlydefined
1619
maven/mavencentral/com.azure/azure-storage-blob/12.29.0, MIT, approved, #17273
1720
maven/mavencentral/com.azure/azure-storage-common/12.28.0, MIT, approved, #17275
1821
maven/mavencentral/com.azure/azure-storage-internal-avro/12.14.0, MIT, approved, #17274
1922
maven/mavencentral/com.azure/azure-xml/1.1.0, MIT, approved, clearlydefined
23+
maven/mavencentral/com.azure/azure-xml/1.2.0, , restricted, clearlydefined
2024
maven/mavencentral/com.ethlo.time/itu/1.7.0, Apache-2.0, approved, clearlydefined
2125
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.10.3, Apache-2.0, approved, CQ21280
2226
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.0, Apache-2.0, approved, #5303
@@ -137,64 +141,54 @@ maven/mavencentral/io.micrometer/micrometer-commons/1.14.2, Apache-2.0 AND (Apac
137141
maven/mavencentral/io.micrometer/micrometer-core/1.14.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #17271
138142
maven/mavencentral/io.micrometer/micrometer-observation/1.14.2, Apache-2.0, approved, #17270
139143
maven/mavencentral/io.netty/netty-buffer/4.1.112.Final, Apache-2.0, approved, CQ21842
140-
maven/mavencentral/io.netty/netty-buffer/4.1.115.Final, Apache-2.0, approved, CQ21842
141144
maven/mavencentral/io.netty/netty-buffer/4.1.118.Final, Apache-2.0, approved, CQ21842
142145
maven/mavencentral/io.netty/netty-buffer/4.1.86.Final, Apache-2.0, approved, CQ21842
143146
maven/mavencentral/io.netty/netty-codec-dns/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
144147
maven/mavencentral/io.netty/netty-codec-http/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
145-
maven/mavencentral/io.netty/netty-codec-http/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
146148
maven/mavencentral/io.netty/netty-codec-http/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
147149
maven/mavencentral/io.netty/netty-codec-http/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
148150
maven/mavencentral/io.netty/netty-codec-http2/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
149-
maven/mavencentral/io.netty/netty-codec-http2/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
150151
maven/mavencentral/io.netty/netty-codec-http2/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
151152
maven/mavencentral/io.netty/netty-codec-http2/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
152153
maven/mavencentral/io.netty/netty-codec-socks/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
153-
maven/mavencentral/io.netty/netty-codec-socks/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
154+
maven/mavencentral/io.netty/netty-codec-socks/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
154155
maven/mavencentral/io.netty/netty-codec-socks/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
155156
maven/mavencentral/io.netty/netty-codec/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
156-
maven/mavencentral/io.netty/netty-codec/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
157157
maven/mavencentral/io.netty/netty-codec/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
158158
maven/mavencentral/io.netty/netty-codec/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
159159
maven/mavencentral/io.netty/netty-common/4.1.112.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843
160-
maven/mavencentral/io.netty/netty-common/4.1.115.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843
161160
maven/mavencentral/io.netty/netty-common/4.1.118.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843
162161
maven/mavencentral/io.netty/netty-common/4.1.86.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843
163162
maven/mavencentral/io.netty/netty-handler-proxy/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
164-
maven/mavencentral/io.netty/netty-handler-proxy/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
163+
maven/mavencentral/io.netty/netty-handler-proxy/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
165164
maven/mavencentral/io.netty/netty-handler-proxy/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
166165
maven/mavencentral/io.netty/netty-handler/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
167-
maven/mavencentral/io.netty/netty-handler/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
168166
maven/mavencentral/io.netty/netty-handler/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
169167
maven/mavencentral/io.netty/netty-handler/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
170168
maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.112.Final, Apache-2.0, approved, #6367
171169
maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.112.Final, Apache-2.0, approved, #7004
172170
maven/mavencentral/io.netty/netty-resolver-dns/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
173171
maven/mavencentral/io.netty/netty-resolver/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
174-
maven/mavencentral/io.netty/netty-resolver/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
175172
maven/mavencentral/io.netty/netty-resolver/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
176173
maven/mavencentral/io.netty/netty-resolver/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
177174
maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.56.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
178175
maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.65.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
179-
maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.69.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
176+
maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.70.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
180177
maven/mavencentral/io.netty/netty-tcnative-classes/2.0.56.Final, Apache-2.0, approved, clearlydefined
181178
maven/mavencentral/io.netty/netty-tcnative-classes/2.0.65.Final, Apache-2.0, approved, clearlydefined
182-
maven/mavencentral/io.netty/netty-tcnative-classes/2.0.69.Final, Apache-2.0, approved, clearlydefined
179+
maven/mavencentral/io.netty/netty-tcnative-classes/2.0.70.Final, Apache-2.0, approved, clearlydefined
183180
maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.112.Final, Apache-2.0, approved, #6366
184-
maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.115.Final, Apache-2.0, approved, #6366
185181
maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.118.Final, Apache-2.0, approved, #6366
186182
maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.112.Final, Apache-2.0, approved, #4107
187-
maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.115.Final, Apache-2.0, approved, #4107
183+
maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.118.Final, Apache-2.0, approved, #4107
188184
maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
189-
maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
185+
maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
190186
maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
191-
maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
187+
maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
192188
maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
193-
maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
194189
maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
195190
maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
196191
maven/mavencentral/io.netty/netty-transport/4.1.112.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
197-
maven/mavencentral/io.netty/netty-transport/4.1.115.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
198192
maven/mavencentral/io.netty/netty-transport/4.1.118.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
199193
maven/mavencentral/io.netty/netty-transport/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
200194
maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684
@@ -275,10 +269,11 @@ maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-
275269
maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #15196
276270
maven/mavencentral/net.javacrumbs.json-unit/json-unit-core/2.36.0, Apache-2.0, approved, clearlydefined
277271
maven/mavencentral/net.minidev/accessors-smart/2.4.7, Apache-2.0, approved, #7515
278-
maven/mavencentral/net.minidev/accessors-smart/2.5.1, Apache-2.0, approved, #19432
272+
maven/mavencentral/net.minidev/accessors-smart/2.5.2, Apache-2.0, approved, #19432
279273
maven/mavencentral/net.minidev/json-smart/2.4.7, Apache-2.0, approved, #3288
280274
maven/mavencentral/net.minidev/json-smart/2.5.0, Apache-2.0, approved, #19431
281275
maven/mavencentral/net.minidev/json-smart/2.5.1, Apache-2.0, approved, #19431
276+
maven/mavencentral/net.minidev/json-smart/2.5.2, Apache-2.0, approved, #19431
282277
maven/mavencentral/net.sf.jopt-simple/jopt-simple/5.0.4, MIT, approved, CQ13174
283278
maven/mavencentral/net.sf.saxon/Saxon-HE/12.5, W3C-19980720 AND MPL-2.0 AND MPL-1.0, approved, #16061
284279
maven/mavencentral/org.antlr/antlr4-runtime/4.13.2, BSD-3-Clause, approved, #10767
@@ -631,8 +626,8 @@ maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
631626
maven/mavencentral/org.ow2.asm/asm-commons/9.7, BSD-3-Clause, approved, #16465
632627
maven/mavencentral/org.ow2.asm/asm-tree/9.7, BSD-3-Clause, approved, #16466
633628
maven/mavencentral/org.ow2.asm/asm/9.1, BSD-3-Clause, approved, CQ23029
634-
maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
635629
maven/mavencentral/org.ow2.asm/asm/9.7, BSD-3-Clause, approved, #16464
630+
maven/mavencentral/org.ow2.asm/asm/9.7.1, BSD-3-Clause, approved, #16464
636631
maven/mavencentral/org.postgresql/postgresql/42.7.4, BSD-2-Clause AND Apache-2.0, approved, #11681
637632
maven/mavencentral/org.postgresql/postgresql/42.7.5, BSD-2-Clause AND Apache-2.0, approved, #11681
638633
maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332
@@ -666,6 +661,7 @@ maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-C
666661
maven/mavencentral/org.yaml/snakeyaml/2.3, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #16046
667662
maven/mavencentral/org.yaml/snakeyaml/2.4, Apache-2.0, approved, #19469
668663
maven/mavencentral/software.amazon.awssdk/annotations/2.29.50, Apache-2.0, approved, #17015
664+
maven/mavencentral/software.amazon.awssdk/annotations/2.30.17, Apache-2.0, approved, #19166
669665
maven/mavencentral/software.amazon.awssdk/annotations/2.30.26, Apache-2.0, approved, #19166
670666
maven/mavencentral/software.amazon.awssdk/apache-client/2.29.50, Apache-2.0, approved, #17627
671667
maven/mavencentral/software.amazon.awssdk/apache-client/2.30.26, Apache-2.0, approved, clearlydefined
@@ -696,15 +692,18 @@ maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.30.26, Apache-2.0, app
696692
maven/mavencentral/software.amazon.awssdk/http-auth/2.29.50, Apache-2.0, approved, #16998
697693
maven/mavencentral/software.amazon.awssdk/http-auth/2.30.26, Apache-2.0, approved, clearlydefined
698694
maven/mavencentral/software.amazon.awssdk/http-client-spi/2.29.50, Apache-2.0, approved, #17014
695+
maven/mavencentral/software.amazon.awssdk/http-client-spi/2.30.17, Apache-2.0, approved, #19169
699696
maven/mavencentral/software.amazon.awssdk/http-client-spi/2.30.26, Apache-2.0, approved, #19169
700697
maven/mavencentral/software.amazon.awssdk/iam/2.29.50, Apache-2.0, approved, #16993
701698
maven/mavencentral/software.amazon.awssdk/identity-spi/2.29.50, Apache-2.0, approved, #17007
702699
maven/mavencentral/software.amazon.awssdk/identity-spi/2.30.26, Apache-2.0, approved, clearlydefined
703700
maven/mavencentral/software.amazon.awssdk/json-utils/2.29.50, Apache-2.0, approved, #17013
704701
maven/mavencentral/software.amazon.awssdk/json-utils/2.30.26, Apache-2.0, approved, clearlydefined
705702
maven/mavencentral/software.amazon.awssdk/metrics-spi/2.29.50, Apache-2.0, approved, #17006
703+
maven/mavencentral/software.amazon.awssdk/metrics-spi/2.30.17, Apache-2.0, approved, clearlydefined
706704
maven/mavencentral/software.amazon.awssdk/metrics-spi/2.30.26, Apache-2.0, approved, clearlydefined
707705
maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.29.50, Apache-2.0, approved, #17094
706+
maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.30.17, Apache-2.0, approved, #19163
708707
maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.30.26, Apache-2.0, approved, #19163
709708
maven/mavencentral/software.amazon.awssdk/profiles/2.29.50, Apache-2.0, approved, #17012
710709
maven/mavencentral/software.amazon.awssdk/profiles/2.30.26, Apache-2.0, approved, #19171
@@ -725,5 +724,6 @@ maven/mavencentral/software.amazon.awssdk/sts/2.29.50, Apache-2.0, approved, #17
725724
maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.29.50, Apache-2.0, approved, #17008
726725
maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.30.26, Apache-2.0, approved, clearlydefined
727726
maven/mavencentral/software.amazon.awssdk/utils/2.29.50, Apache-2.0, approved, #17625
727+
maven/mavencentral/software.amazon.awssdk/utils/2.30.17, , restricted, clearlydefined
728728
maven/mavencentral/software.amazon.awssdk/utils/2.30.26, Apache-2.0, approved, clearlydefined
729729
maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined

build.gradle.kts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,9 +69,15 @@ allprojects {
6969
implementation("org.yaml:snakeyaml:2.4") {
7070
because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
7171
}
72-
implementation("net.minidev:json-smart:2.5.1") {
72+
implementation("net.minidev:json-smart:2.5.2") {
7373
because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
7474
}
75+
implementation("com.azure:azure-core-http-netty:1.15.10") {
76+
because("Depends on netty-handler:4.1.115.Final that has a vunlnerability: https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.115.Final")
77+
}
78+
implementation("software.amazon.awssdk:netty-nio-client:2.30.17") {
79+
because("Depends on netty-handler:4.1.115.Final that has a vunlnerability: https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.115.Final")
80+
}
7581
}
7682
}
7783

0 commit comments

Comments
 (0)