Merge pull request #7133 from lpalashevski/security-updates

Update ivy 2.4.0 to 2.5.1
odpi · Nov 23, 2022 · 2f28066 · 2f28066
2 parents d7ceec6 + 1f42223
commit 2f28066
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -299,6 +299,7 @@ allprojects {
             //TODO: Remove dependency line below in case the new parent library is updated and pulls good version.
             runtimeOnly("com.beust:jcommander:1.82")
             runtimeOnly("org.antlr:antlr4:4.11.1")
+            runtimeOnly("org.apache.ivy:ivy:2.5.1")
         }
         implementation platform('net.openhft:chronicle-bom:2.24ea7')
     }

diff --git a/pom.xml b/pom.xml
@@ -3448,6 +3448,13 @@
                 <scope>runtime</scope>
             </dependency>
 
+            <!-- https://nvd.nist.gov/vuln/detail/CVE-2022-37865 org.apache.ivy:ivy:jar:2.4.0 via org.apache.tinkerpop:gremlin-groovy:jar:3.5.2 << org.janusgraph:janusgraph-driver:jar:0.6.1  -->
+            <dependency>
+                <groupId>org.apache.ivy</groupId>
+                <artifactId>ivy</artifactId>
+                <version>2.5.1</version>
+            </dependency>
+
         </dependencies>
 
     </dependencyManagement>