Resolve more vulns in transitive dependencies

chadlwilson · chadlwilson · commit 231ef3dff60c · 2025-07-25T13:37:31.000+08:00
diff --git a/build.gradle b/build.gradle
@@ -87,10 +87,24 @@ dependencies {
         implementation('commons-io:commons-io:2.19.0') {
             because 'spotify docker-client uses an outdated version'
         }
+        implementation('org.apache.commons:commons-compress:1.27.1') {
+            because 'spotify docker-client uses an outdated version'
+        }
+        implementation('org.apache.httpcomponents:httpclient:4.5.14') {
+            because 'spotify docker-client uses an outdated version'
+        }
         implementation('com.github.jnr:jnr-unixsocket:0.38.23') {
             because 'spotify docker-client uses an outdated version'
         }
     }
+    modules {
+        module('org.bouncycastle:bcpkix-jdk15on') {
+            replacedBy('org.bouncycastle:bcpkix-jdk18on', "Everything can go via the JDK 1.8+ BouncyCastle version")
+        }
+    }
+    implementation('org.bouncycastle:bcpkix-jdk18on:1.81') {
+        because 'spotify docker-client uses an outdated version'
+    }
     implementation(platform('com.fasterxml.jackson:jackson-bom:2.19.2')) // because 'spotify docker-client uses an outdated version'
 
     testImplementation project.deps.gocdPluginApi
