Skip to content

Commit

Permalink
Updating Dependencies
Browse files Browse the repository at this point in the history 
Updated tink from 1.14.1 to 1.15.0
Updated protobuf-java from 3.25.3 to 3.25.5 (transitive dependency from
tink, vulnerable in current version of tink)

Addressed CVE:
CVE-2024-7254
  • Loading branch information
@Lewox
Lewox committed Oct 27, 2024
1 parent bf21a67 commit 6772b51
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
3 changes: 3 additions & 0 deletions build.gradle.kts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,9 @@ dependencies {

//Audio crypto libraries
implementation(libs.tink)
implementation(libs.protobuf.java) {
because("Overrides transitive dependency from tink to address CVE-2024-7254.")
}

//Sets the dependencies for the examples
configurations["examplesImplementation"].withDependencies {
Expand Down
3 changes: 2 additions & 1 deletion settings.gradle.kts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,9 @@ dependencyResolutionManagement {
library("mockito", "org.mockito", "mockito-core" ).version("5.11.0")
library("reflections", "org.reflections", "reflections" ).version("0.10.2")
library("slf4j", "org.slf4j", "slf4j-api" ).version("2.0.13")
library("tink", "com.google.crypto.tink", "tink" ).version("1.14.1")
library("tink", "com.google.crypto.tink", "tink" ).version("1.15.0")
library("archunit", "com.tngtech.archunit", "archunit" ).version("1.3.0")
library("protobuf-java", "com.google.protobuf", "protobuf-java" ).version("3.25.5")
}
}
}

0 comments on commit 6772b51

Please sign in to comment.