From 0e9fdb5f44b93726df55927eff610e02ebde61b6 Mon Sep 17 00:00:00 2001 From: daz Date: Thu, 4 Apr 2024 09:16:48 -0600 Subject: [PATCH] Update dependency with transitive vulnerability Bump the version of `io.minio:minio` to `8.5.9`, which in turn bumps the version of transitive dependnecy `org.apache.commons:commons-compress` to `1.26.0`. This resolves a Dependabot alert caused by a CVE in `org.apache.common:commons-compress:1.24.0`. --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index deb307d..0dbdd8a 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -3,7 +3,7 @@ [libraries] commons-text = { module = "org.apache.commons:commons-text", version = "1.9" } -minio = { module = "io.minio:minio", version = "8.5.8" } +minio = { module = "io.minio:minio", version = "8.5.9" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.10.2" } [plugins]