From 0f4d099a5df9b4653f341fdff32e794fb81789f0 Mon Sep 17 00:00:00 2001
From: Dhrubo Saha <dhrubo@amazon.com>
Date: Tue, 3 Dec 2024 19:03:40 -0800
Subject: [PATCH] upgrading commons-io and protobuf-java to avoid CVE issues

Signed-off-by: Dhrubo Saha <dhrubo@amazon.com>
---
 ml-algorithms/build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle
index e51d105f0d..5cb1fc0e24 100644
--- a/ml-algorithms/build.gradle
+++ b/ml-algorithms/build.gradle
@@ -20,7 +20,7 @@ dependencies {
     compile group: 'org.tribuo', name: 'tribuo-clustering-kmeans', version: '4.2.1'
     compile group: 'org.tribuo', name: 'tribuo-regression-sgd', version: '4.2.1'
     compile group: 'org.tribuo', name: 'tribuo-anomaly-libsvm', version: '4.2.1'
-    compile group: 'commons-io', name: 'commons-io', version: '2.11.0'
+    compile group: 'commons-io', name: 'commons-io', version: '2.14.0'
     compile group: 'software.amazon.randomcutforest', name: 'randomcutforest-parkservices', version: '3.0-rc2.1'
     compile group: 'software.amazon.randomcutforest', name: 'randomcutforest-core', version: '3.0-rc2.1'
     compile group: 'io.protostuff', name: 'protostuff-core', version: '1.8.0'
@@ -34,7 +34,7 @@ dependencies {
 }
 
 configurations.all {
-    resolutionStrategy.force 'com.google.protobuf:protobuf-java:3.21.9'
+    resolutionStrategy.force 'com.google.protobuf:protobuf-java:3.25.5'
 }
 
 jacocoTestReport {