Git Repo Viewer
git.user254.kr/gitiles/f950839098229c4e0ce062b9ad4d87883719d906^!/.
commit
f950839098229c4e0ce062b9ad4d87883719d906
[log] [tgz]
author
David Ostrovsky <[email protected]>
Sat Jan 08 10:10:09 2022 +0100
committer
David Ostrovsky <[email protected]>
Mon Jan 10 14:27:36 2022 +0000
tree
3d63709d35ffc4af4dbe7239007b3f3a66af9646
parent
53254477045796b908d61c883f46ee48a47fb2e6 [diff]
Bump commons-compress version to 1.21 and tukaani-xz to 1.9

This update fixes security vulnerability: [1].

[1] https://snyk.io/vuln/maven%3Aorg.apache.commons%3Acommons-compress

Change-Id: Ia9ce0e2ce4a7e2ed3d7ed3a1b961ffab3313fc3a

diff --git a/WORKSPACE b/WORKSPACE
index 6359814..2602053 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -190,17 +190,17 @@
 # corresponding version
 maven_jar(
     name = "commons-compress",
-    artifact = "org.apache.commons:commons-compress:1.18",
-    sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
+    artifact = "org.apache.commons:commons-compress:1.21",
+    sha1 = "4ec95b60d4e86b5c95a0e919cb172a0af98011ef",
 )
 
 # Transitive dependency of commons_compress. Should only be
 # upgraded at the same time as commons_compress.
 maven_jar(
     name = "tukaani-xz",
-    artifact = "org.tukaani:xz:1.8",
+    artifact = "org.tukaani:xz:1.9",
     attach_source = False,
-    sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
+    sha1 = "1ea4bec1a921180164852c65006d928617bd2caf",
 )
 
 maven_jar(