fix: update commons-compression version to fix vuln (#93)

hypertrace · Feb 19, 2024 · df4f796 · df4f796
1 parent 5a2d765
commit df4f796
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/kafka-bom/build.gradle.kts b/kafka-bom/build.gradle.kts
@@ -21,8 +21,8 @@ dependencies {
     api("com.squareup.okio:okio:3.4.0") {
       because("https://nvd.nist.gov/vuln/detail/CVE-2023-3635 in io.confluent:kafka-protobuf-serializer:7.4.0")
     }
-    api("org.apache.commons:commons-compress:1.24.0") {
-      because("https://nvd.nist.gov/vuln/detail/CVE-2023-42503")
+    api("org.apache.commons:commons-compress:1.26.0") {
+      because("https://www.tenable.com/cve/CVE-2024-25710")
     }
 
     api("io.confluent:kafka-streams-avro-serde:$kafkaVersion")