Adjusted dependency versions to address CVEs

Adjusted com.github.seancfoley:ipaddress version to address CVE. Adjusted version org.apache.commons:commons-compress to address CVE. Signed-off-by: Vijayan Balasubramanian <[email protected]>
opensearch-project · Mar 12, 2024 · 14eb386 · 14eb386
1 parent a7ed59a
commit 14eb386
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ See the [CONTRIBUTING guide](./CONTRIBUTING.md#Changelog) for instructions on ho
 ### Features
 ### Enhancements
 ### Bug Fixes
+* Adjusted dependency versions to address CVEs ([#635](https://github.com/opensearch-project/geospatial/pull/635))
 ### Infrastructure
 ### Documentation
 ### Maintenance

diff --git a/build.gradle b/build.gradle
@@ -171,7 +171,7 @@ dependencies {
     implementation "org.apache.commons:commons-csv:1.10.0"
     zipArchive group: 'org.opensearch.plugin', name:'opensearch-job-scheduler', version: "${opensearch_build}"
     compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}"
-    implementation "com.github.seancfoley:ipaddress:5.4.0"
+    implementation "com.github.seancfoley:ipaddress:5.4.2"
 }
 
 licenseHeaders.enabled = true

diff --git a/libs/h3/build.gradle b/libs/h3/build.gradle
@@ -38,7 +38,7 @@ dependencies {
     api "org.apache.logging.log4j:log4j-api:${versions.log4j}"
     api "org.apache.logging.log4j:log4j-core:${versions.log4j}"
     testImplementation "org.opensearch.test:framework:${opensearch_version}"
-    testImplementation "org.apache.commons:commons-compress:1.21"
+    testImplementation "org.apache.commons:commons-compress:1.26.0"
     testImplementation "org.apache.lucene:lucene-spatial3d:${versions.lucene}"
 }
 licenseFile = "LICENSE.txt"