fix security finding
EddeCCC committed Nov 20, 2024
1 parent b2cc1d0 commit b875ff4
Showing 2 changed files with 6 additions and 11 deletions.
8 changes: 2 additions & 6 deletions build.gradle
Expand Up @@ -160,15 +160,11 @@ dependencies {
"org.apache.commons:commons-math3:${commonsMath3Version}",
"commons-io:commons-io:${commonsIoVersion}",

// If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
// If there is a higher new version, remove the dependency override of okio-jvm
"org.influxdb:influxdb-java:${influxdbJavaVersion}",
// Override transitive dependency with newer version, due to security concerns
"com.squareup.okio:okio-jvm:${okioJvmVersion}"
)

compileOnly "org.projectlombok:lombok"
annotationProcessor "org.projectlombok:lombok"
compileOnly "org.projectlombok:lombok:${lombokVersion}"
annotationProcessor "org.projectlombok:lombok:${lombokVersion}"

testImplementation(
"org.springframework.boot:spring-boot-starter-test",
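Review bot: Dropping the `com.squareup.okio:okio-jvm` override appears to leave okio at whatever version `influxdb-java:${influxdbJavaVersion}` resolves transitively, and nothing in this change records that the resolved version is at least the one that was forced before. The removed comment said the override existed for security reasons, so confirm the result with `gradle dependencyInsight --dependency okio-jvm --configuration runtimeClasspath`; if a floor is still wanted, a `constraints { implementation("com.squareup.okio:okio-jvm:<minimum version>") }` entry states it without adding a direct dependency. The two lombok lines now carry `${lombokVersion}`, presumably overriding a version that dependency management supplied before (the old coordinates had none), and a comment such as `// explicit version set for a security finding; drop once the managed version is at least this` would tell the next maintainer why. The `dependencies {` block starts and ends outside the hunk.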
9 changes: 4 additions & 5 deletions gradle.properties
Expand Up @@ -11,16 +11,17 @@ openCensusVersion=0.31.1
openCensusInfluxdbExporterVersion=1.2
grpcVersion=1.68.1

# pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total"
# @pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total"
# see: https://github.com/prometheus/client_java/issues/640, https://github.com/prometheus/client_java/pull/653
# additionally, the version 1.* introduced breaking changes
prometheusClientVersion = 0.6.0
# Keep the OpenTelemetry versions consistent
openTelemetryVersion=1.37.0
openTelemetryAlphaVersion=1.37.0-alpha
openTelemetrySemConvVersion=1.30.1-alpha
openTelemetryProtoVersion=1.1.0-alpha
# Use version of opentelemetry-proto
protobufVersion=3.23.4
protobufVersion=3.25.5

guavaVersion=33.3.1-jre
geoip2Version=4.2.1
Expand All @@ -31,10 +32,7 @@ commonsMath3Version=3.6.1
commonsLang3Version=3.17.0
commonsIoVersion=2.18.0

# If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
# If there is a higher new version, remove the dependency override of okio-jvm
influxdbJavaVersion=2.24
okioJvmVersion=3.5.0

armeriaVersion=1.31.0
testContainersVersion=1.20.3
Expand All @@ -50,3 +48,4 @@ cyclonedxBomVersion=1.10.0
# com.palantir.docker
palantirDockerVersion=0.36.0
versionsPlugin=0.51.0
lombokVersion=1.18.36
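Review bot: The comment `# Use version of opentelemetry-proto` above `protobufVersion` no longer obviously matches the value, because the property moves to 3.25.5 while `openTelemetryProtoVersion` stays at 1.1.0-alpha, so the bump looks independent of opentelemetry-proto. If the new version was chosen to clear the security finding, say so in place, e.g. `# Raised above the opentelemetry-proto baseline for a security finding; do not lower`, so a later re-alignment with opentelemetry-proto does not silently undo it. `lombokVersion=1.18.36` is appended under the `# com.palantir.docker` plugin entries without a comment; a line such as `# explicit Lombok version, used in build.gradle` and a position next to the other library versions would keep the file's grouping intact.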
