build(deps): force transitive dependencies to fix security checks

eclipse-tractusx · Feb 27, 2025 · 54771a8 · 54771a8
1 parent 175fdc1
commit 54771a8
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -69,9 +69,15 @@ allprojects {
             implementation("org.yaml:snakeyaml:2.4") {
                 because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
             }
-            implementation("net.minidev:json-smart:2.5.1") {
+            implementation("net.minidev:json-smart:2.5.2") {
                 because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
             }
+            implementation("com.azure:azure-core-http-netty:1.15.10") {
+                because("Depends on netty-handler:4.1.115.Final that has a vunlnerability: https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.115.Final")
+            }
+            implementation("software.amazon.awssdk:netty-nio-client:2.30.17") {
+                because("Depends on netty-handler:4.1.115.Final that has a vunlnerability: https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.115.Final")
+            }
         }
     }