This repository was archived by the owner on Apr 14, 2023. It is now read-only.

Merge pull request #1717 from finos/bugs/1714-cve-2020-8908
fix(#1714): CVE-2020-8908 Low severity vulnerability in Guava
tjohnson-scottlogic authored Jan 8, 2021
2 parents 74cb502 + 851b8e0 commit 7bd7f62
Showing 5 changed files with 45 additions and 0 deletions.
9 changes: 9 additions & 0 deletions common/build.gradle
@@ -33,6 +33,15 @@ dependencies {
compile "com.fasterxml.jackson.core:jackson-databind:${JACKSON_VERSION}"
compile group: "com.google.inject", name: "guice", version: "${GUICE_VERSION}"

constraints {
compile('com.google.guava:guava:30.0-jre') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
compile('com.google.guava:guava:30.0-android') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
}

implementation "org.threeten:threeten-extra:${THREE_TEN_VERSION}"
testCompile "org.junit.jupiter:junit-jupiter-api:${JUNIT_JUPITER_VERSION}"
testCompile "junit:junit:${JUNIT_4_VERSION}"
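Review bot: The two entries in the `constraints` block name the same module, `com.google.guava:guava`, so they cannot both take effect: Gradle resolves a module to a single version, and as far as I know its version ordering ranks `30.0-jre` above `30.0-android`, which would leave the `-android` line with no effect. If the intent was to cover consumers of either flavour, the block does not do that; keeping only `compile('com.google.guava:guava:30.0-jre')` with a comment such as `// raises transitive Guava to 30.0; -jre flavour chosen deliberately` would state what is actually resolved. The same pair is repeated in core, output, playground and profile. Running `gradle :common:dependencyInsight --dependency guava --configuration runtimeClasspath` (and the equivalent per module) would confirm which version is selected.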
9 changes: 9 additions & 0 deletions core/build.gradle
@@ -27,6 +27,15 @@ dependencies {
}
}

constraints {
compile('com.google.guava:guava:30.0-jre') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
compile('com.google.guava:guava:30.0-android') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
}

testCompile project(":common").sourceSets.test.output
testCompile "org.junit.jupiter:junit-jupiter-api:${JUNIT_JUPITER_VERSION}"
testCompile "junit:junit:${JUNIT_4_VERSION}"
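Review bot: The `because` text overstates what the upgrade delivers: as far as I know Guava 30.0 only marks `com.google.common.io.Files.createTempDir()` as `@Deprecated`, and the directory it creates is still readable by other local users on that version, so the constraint clears the scanner finding without changing runtime behaviour. The remediation that matters is that nothing on the classpath calls that method; searching the project's own sources for `createTempDir` and switching to `java.nio.file.Files.createTempDirectory()` where it appears would close the issue. I would reword the reason to `because 'CVE-2020-8908: Files.createTempDir() is deprecated from 30.0 and must not be called'` here and in the other four build files.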
9 changes: 9 additions & 0 deletions output/build.gradle
@@ -20,6 +20,15 @@ dependencies {
compile "org.apache.commons:commons-csv:${COMMONS_CSV_VERSION}"
compile "com.google.inject:guice:${GUICE_VERSION}"

constraints {
compile('com.google.guava:guava:30.0-jre') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
compile('com.google.guava:guava:30.0-android') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
}

testCompile project(":common").sourceSets.test.output
testCompile "org.junit.jupiter:junit-jupiter-api:${JUNIT_JUPITER_VERSION}"
testCompile "junit:junit:${JUNIT_4_VERSION}"
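Review bot: The Guava version is written as a literal in this block while the other dependencies in the hunk take their version from a property (`${COMMONS_CSV_VERSION}`, `${GUICE_VERSION}`), and the same nine lines are pasted into five build files. A later security bump then has to be made in five places, and a missed module would silently stay on the older version. Defining a `GUAVA_VERSION` property next to the existing ones and declaring the constraint once for all subprojects would keep the modules in step. The `dependencies` block continues outside the hunk and the root build script is not shown, so I cannot tell whether a shared place for this already exists.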
9 changes: 9 additions & 0 deletions playground/build.gradle
@@ -19,6 +19,15 @@ dependencies {
testCompile "org.junit.jupiter:junit-jupiter-params:${JUNIT_JUPITER_VERSION}"
testCompile "org.junit.jupiter:junit-jupiter-engine:${JUNIT_JUPITER_VERSION}"
testImplementation("org.junit.jupiter:junit-jupiter:${JUNIT_JUPITER_VERSION}")

constraints {
compile('com.google.guava:guava:30.0-jre') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
compile('com.google.guava:guava:30.0-android') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
}
}

test {
9 changes: 9 additions & 0 deletions profile/build.gradle
@@ -37,6 +37,15 @@ dependencies {
}
}

constraints {
compile('com.google.guava:guava:30.0-jre') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
compile('com.google.guava:guava:30.0-android') {
because 'Versions prior to 30.0 are impacted by CVE-2020-8908'
}
}

testCompile project(":common").sourceSets.test.output
testCompile "org.junit.jupiter:junit-jupiter-api:${JUNIT_JUPITER_VERSION}"
testCompile "junit:junit:${JUNIT_4_VERSION}"