Upgrade commons-compress to 1.18 and tukaani xz to 1.8 This version of commons-compress includes fixes for CVE-2018-1324 [1] and CVE-2018-11771 [2]. Also update tukaani xz to 1.8, which is the version used by commons-compress 1.18. [1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324 [2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771 Change-Id: I4bf8ccc239445f20794844e6ea96005d7c8b9c77

commit: 1dae690008bef790eaa9b7e07566740420334a40 [log] [tgz]
author: David Pursehouse <dpursehouse@collab.net> Fri Sep 28 13:15:29 2018 +0900
committer: Jonathan Nieder <jrn@google.com> Mon Jun 03 11:09:49 2019 -0700
tree: 7a1d19e6f25c0ce21b20a54d1e71ec5bf37cffc5
parent: 6b932e16b294be5953233180ab50b785dbfeb04e [diff] [blame]
diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl
index 2e84717..6788bc9 100644
--- a/tools/nongoogle.bzl
+++ b/tools/nongoogle.bzl

@@ -11,6 +11,6 @@
     # Transitive dependency of commons-compress
     maven_jar(
         name = "tukaani-xz",
-        artifact = "org.tukaani:xz:1.6",
-        sha1 = "05b6f921f1810bdf90e25471968f741f87168b64",
+        artifact = "org.tukaani:xz:1.8",
+        sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
     )
commit	1dae690008bef790eaa9b7e07566740420334a40	[log] [tgz]
author	David Pursehouse <dpursehouse@collab.net>	Fri Sep 28 13:15:29 2018 +0900
committer	Jonathan Nieder <jrn@google.com>	Mon Jun 03 11:09:49 2019 -0700
tree	7a1d19e6f25c0ce21b20a54d1e71ec5bf37cffc5
parent	6b932e16b294be5953233180ab50b785dbfeb04e [diff] [blame]