Constrain build dependency to address security vulnerability

bigdaz · bigdaz · commit db3a4faf1784 · 2024-10-30T17:54:47.000-06:00
diff --git a/plugin/build.gradle.kts b/plugin/build.gradle.kts
@@ -12,9 +12,10 @@ buildscript {
     }
     dependencies {
         constraints {
-            // The plugin com.github.breadmoirai.github-release:2.5.2 has dependency on com.squareup.okio:okio:3.0.0
-            // which has reported vulnerability CVE-2023-3635. Use a newer version.
+            // The plugin com.github.breadmoirai.github-release:2.5.2 depends on vulnerable library releases.
+            // We constrain these to newer, patched versions.
             classpath(libs.okio)
+            classpath(libs.apache.commons.io)
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,10 @@ buildscript {`
`12`	`12`	`}`
`13`	`13`	`dependencies {`
`14`	`14`	`constraints {`
`15`		`- // The plugin com.github.breadmoirai.github-release:2.5.2 has dependency on com.squareup.okio:okio:3.0.0`
`16`		`- // which has reported vulnerability CVE-2023-3635. Use a newer version.`
	`15`	`+ // The plugin com.github.breadmoirai.github-release:2.5.2 depends on vulnerable library releases.`
	`16`	`+ // We constrain these to newer, patched versions.`
`17`	`17`	`classpath(libs.okio)`
	`18`	`+ classpath(libs.apache.commons.io)`
`18`	`19`	`}`
`19`	`20`	`}`
`20`	`21`	`}`