diff --git a/CHANGES.md b/CHANGES.md
index ede30f8f..b6c6c035 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,7 @@
 ## [Unreleased]
 ### Fixed
 - Fixed zip-slip vulnerability in `ZipMisc`. This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at `eclipse.org`, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. Unlikely! Defense in depth is important, so good to have this fixed, and thanks to @JLLeitschuh for reporting, and with a fix no less! ([#198](https://github.com/diffplug/goomph/pull/198))
+- Bumped all deps to latest. ([#199](https://github.com/diffplug/goomph/pull/199))
 ## [3.37.1] - 2022-06-26
 ### Fixed
diff --git a/build.gradle b/build.gradle
index 96ea9bf8..4ccbc15e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -24,8 +24,8 @@ spotless {
 }
 String VER_DURIAN = '1.2.0'
-String VER_DURIAN_SWT = '3.5.0'
-String VER_BNDLIB = '6.1.0'
+String VER_DURIAN_SWT = '3.6.1'
+String VER_BNDLIB = '6.3.1'
 String OLDEST_SUPPORTED_GRADLE = '5.1'
 String VER_P2_BOOTSTRAP = '4.13.0'
@@ -35,15 +35,15 @@ dependencies {
 implementation "com.diffplug.durian:durian-collect:${VER_DURIAN}"
 implementation "com.diffplug.durian:durian-io:${VER_DURIAN}"
 implementation "com.diffplug.durian:durian-swt.os:${VER_DURIAN_SWT}"
- implementation "commons-io:commons-io:2.6"
- implementation "com.diffplug.spotless:spotless-lib:2.20.0"
- implementation "com.squareup.okhttp3:okhttp:4.3.1"
- implementation "com.squareup.okio:okio:2.4.3"
+ implementation "commons-io:commons-io:2.11.0"
+ implementation "com.diffplug.spotless:spotless-lib:2.28.0"
+ implementation "com.squareup.okhttp3:okhttp:4.10.0"
+ implementation "com.squareup.okio:okio:3.2.0"
 // OSGi
 implementation "biz.aQute.bnd:biz.aQute.bndlib:${VER_BNDLIB}"
 // testing
 testImplementation "junit:junit:4.13.2"
- testImplementation "org.assertj:assertj-core:3.20.2"
+ testImplementation "org.assertj:assertj-core:3.23.1"
 }
 configurations.compileClasspath {