Skip to content

Commit

Permalink
Merge branch 'master' into jsonpath-2.9.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@mergify
mergify[bot] committed Mar 11, 2024
2 parents 681e243 + 9a9324c commit 40f717d
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion spinnaker-dependencies/spinnaker-dependencies.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ ext {
gcp : "25.3.0",
jsch : "0.1.54",
jschAgentProxy : "0.0.9",
// spring boot 2.5.15 specifies logback 1.2.12. Pin to 1.2.13 to resolve
// CVE-2023-6378 and CVE-2023-6481 until spring boot 3.1.7 which brings in
// 1.4.14. See https://logback.qos.ch/news.html#1.3.12.
logback : "1.2.13",
netty : "4.1.100.Final",
protobuf : "3.21.12",
okhttp : "2.7.5", // CVE-2016-2402
Expand Down Expand Up @@ -72,6 +76,15 @@ dependencies {

constraints {
api("cglib:cglib-nodep:3.3.0")
api("ch.qos.logback:logback-core:${versions.logback}") {
force = true
}
api("ch.qos.logback:logback-classic:${versions.logback}") {
force = true
}
api("ch.qos.logback:logback-access:${versions.logback}") {
force = true
}
api("com.amazonaws:aws-java-sdk:${versions.aws}")
api("com.google.api-client:google-api-client:1.30.10") // TODO: Track update for CVE-2020-7692, reanalysis pending.
api("com.google.apis:google-api-services-admin-directory:directory_v1-rev105-1.25.0")
Expand Down Expand Up @@ -142,7 +155,7 @@ dependencies {
api("javax.xml.bind:jaxb-api:2.3.1")
api("net.logstash.logback:logstash-logback-encoder:4.11")
api("org.apache.commons:commons-exec:1.3")
api("org.bitbucket.b_c:jose4j:0.9.3")
api("org.bitbucket.b_c:jose4j:0.9.4")
// from BC 1.71, module names changed from *-jdk15on to *-jdk18on
// due to this change, some of the modules in downstream services like clouddriver, gate would fall back to
// lower versions(<1.70) as transitive dependencies. So to make them use BC >=1.74(CVE free versions),
Expand Down

0 comments on commit 40f717d

Please sign in to comment.