fix: update commons-compression version to fix vuln (#93)

GurtejSohi · web-flow · commit df4f79666cf1 · 2024-02-19T23:15:58.000+05:30
diff --git a/kafka-bom/build.gradle.kts b/kafka-bom/build.gradle.kts
@@ -21,8 +21,8 @@ dependencies {
     api("com.squareup.okio:okio:3.4.0") {
       because("https://nvd.nist.gov/vuln/detail/CVE-2023-3635 in io.confluent:kafka-protobuf-serializer:7.4.0")
     }
-    api("org.apache.commons:commons-compress:1.24.0") {
-      because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")
+    api("org.apache.commons:commons-compress:1.26.0") {
+      because("https://www.tenable.com/cve/CVE-2024-25710")
     }
 
     api("io.confluent:kafka-streams-avro-serde:$kafkaVersion")

Original file line number	Diff line number	Diff line change
`@@ -21,8 +21,8 @@ dependencies {`
`21`	`21`	`api("com.squareup.okio:okio:3.4.0") {`
`22`	`22`	`because("https://nvd.nist.gov/vuln/detail/CVE-2023-3635 in io.confluent:kafka-protobuf-serializer:7.4.0")`
`23`	`23`	`}`
`24`		`- api("org.apache.commons:commons-compress:1.24.0") {`
`25`		`- because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")`
	`24`	`+ api("org.apache.commons:commons-compress:1.26.0") {`
	`25`	`+ because("https://www.tenable.com/cve/CVE-2024-25710")`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`api("io.confluent:kafka-streams-avro-serde:$kafkaVersion")`