From 013871010d9e5e2ff807473aa0bfcc41dff3a056 Mon Sep 17 00:00:00 2001
From: Milton Reder <milt@yetanalytics.com>
Date: Wed, 16 Nov 2022 09:30:33 -0500
Subject: [PATCH] exclude msgpack to clear CVE-2022-41719 (#84)

* exclude msgpack to clear CVE-2022-41719

* add comment about CVE
---
 deps.edn | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/deps.edn b/deps.edn
index 1fa3488..bddd49b 100644
--- a/deps.edn
+++ b/deps.edn
@@ -14,7 +14,9 @@
         {:mvn/version "0.8.1"
          :exclusions [org.clojure/clojurescript]}
         org.clojure/data.json {:mvn/version "2.4.0"}
-        com.cognitect/transit-clj {:mvn/version "1.0.324"}
+        com.cognitect/transit-clj {:mvn/version "1.0.324"
+                                   ;; clears CVE-2022-41719
+                                   :exclusions [org.msgpack/msgpack]}
         cheshire/cheshire {:mvn/version "5.11.0"}}
  :aliases
  {:cli {:extra-paths ["src/cli"]