From 4dd8e372280955fe2f60f998c22814ea10b348b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastian=20Le=20Merdy?=
Date: Sat, 30 Nov 2024 08:09:31 +0100
Subject: [PATCH] Update commons-io to prevent CVE-2024-47554
---
 build.sbt | 1 +
 project/Dependencies.scala | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index 3f93d91..073a96f 100644
--- a/build.sbt
+++ b/build.sbt
@@ -25,6 +25,7 @@ lazy val `jgiven-scalatest-reporter` = project
 .settings(
 commonSettings,
 scalaVersion := "2.13.15",
+ libraryDependencies += `commons-io`,
 libraryDependencies += `jgiven-core`,
 libraryDependencies += `jgiven-html5-report`,
 libraryDependencies += `log4j-slf4j-impl`,
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index b1ff1ac..ad84fa0 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -4,9 +4,10 @@ object Dependencies {
 private val jGivenVersion = "1.3.1"
+ lazy val `commons-io` = "commons-io" % "commons-io" % "2.18.0" % Runtime // Please remove this dependency once jgiven-html5-report will transitively depend on it
 lazy val gson = "com.google.code.gson" % "gson" % "2.11.0"
 lazy val `jgiven-core` = "com.tngtech.jgiven" % "jgiven-core" % jGivenVersion
- lazy val `jgiven-html5-report` = "com.tngtech.jgiven" % "jgiven-html5-report" % jGivenVersion
+ lazy val `jgiven-html5-report` = "com.tngtech.jgiven" % "jgiven-html5-report" % jGivenVersion exclude ("commons-io", "commons-io")
 lazy val `log4j-slf4j-impl` = "org.apache.logging.log4j" % "log4j-slf4j2-impl" % "2.24.2" % Test
 lazy val scalatest = "org.scalatest" %% "scalatest" % "3.2.19"
 lazy val `slf4j-api` = "org.slf4j" % "slf4j-api" % "2.0.16"
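Review bot: The pinned `commons-io` is wired into `jgiven-scalatest-reporter` only, while the matching `exclude ("commons-io", "commons-io")` sits on the shared `jgiven-html5-report` value in `project/Dependencies.scala`. Any other project in this build that uses `jgiven-html5-report` would lose commons-io at runtime without getting the pinned version; none is visible in this hunk, so that needs checking against the rest of build.sbt. Keeping the two entries together in a single `Seq` value in `Dependencies`, added with `libraryDependencies ++=`, would make it impossible to apply the exclusion without the pin. The `.settings(` block continues outside the hunk.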
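Review bot: The trailing comment on the `commons-io` line asks for removal "once jgiven-html5-report will transitively depend on it", but jgiven-html5-report already pulls commons-io in transitively, which is why the `exclude` on its own definition is needed. The removal condition is presumably a jgiven release that depends on a commons-io not affected by CVE-2024-47554. The `exclude` carries no comment, so a maintainer who later deletes only the pinned line leaves the report module with no commons-io at all. I would put a comment above the definition such as `// CVE-2024-47554: pin until jgiven-html5-report depends on a fixed commons-io; then drop this line, the exclude on jgiven-html5-report and the build.sbt entry`. `object Dependencies` starts and ends outside the hunk.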