Update commons-io to prevent CVE-2024-47554

seblm · Nov 30, 2024 · 4dd8e37 · 4dd8e37
1 parent ead6384
commit 4dd8e37
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/build.sbt b/build.sbt
@@ -25,6 +25,7 @@ lazy val `jgiven-scalatest-reporter` = project
   .settings(
     commonSettings,
     scalaVersion := "2.13.15",
+    libraryDependencies += `commons-io`,
     libraryDependencies += `jgiven-core`,
     libraryDependencies += `jgiven-html5-report`,
     libraryDependencies += `log4j-slf4j-impl`,

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -4,9 +4,10 @@ object Dependencies {
 
   private val jGivenVersion = "1.3.1"
 
+  lazy val `commons-io` = "commons-io" % "commons-io" % "2.18.0" % Runtime // Please remove this dependency once jgiven-html5-report will transitively depend on it
   lazy val gson = "com.google.code.gson" % "gson" % "2.11.0"
   lazy val `jgiven-core` = "com.tngtech.jgiven" % "jgiven-core" % jGivenVersion
-  lazy val `jgiven-html5-report` = "com.tngtech.jgiven" % "jgiven-html5-report" % jGivenVersion
+  lazy val `jgiven-html5-report` = "com.tngtech.jgiven" % "jgiven-html5-report" % jGivenVersion exclude ("commons-io", "commons-io")
   lazy val `log4j-slf4j-impl` = "org.apache.logging.log4j" % "log4j-slf4j2-impl" % "2.24.2" % Test
   lazy val scalatest = "org.scalatest" %% "scalatest" % "3.2.19"
   lazy val `slf4j-api` = "org.slf4j" % "slf4j-api" % "2.0.16"