Update Apache commons compress to 1.18.0 [reland] This version fixes CVE-2018-1324 [1] and CVE-2018-11771 [2] Also update org.tukaani to 1.8 which is the version commons compress 1.18.0 is using. [1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324 [2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771 Change-Id: I4f991bffd0df909e77cd941994cdfae0615dd4f2

commit: 2e24348e25679963158f1ac41d50a172bab7cef4 [log] [tgz]
author: Matthias Sohn <matthias.sohn@sap.com> Tue Dec 11 15:53:48 2018 -0800
committer: David Pursehouse <dpursehouse@collab.net> Thu Jun 06 09:32:44 2019 +0900
tree: b1fd97b74f854897e5aa9d9eaa7e8edc7bfcea81
parent: d30ae4c6c0d5ac074ec9693730fe36ac7c019306 [diff]
diff --git a/WORKSPACE b/WORKSPACE
index 1d6e531..cd62856 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -194,17 +194,17 @@
 # corresponding version
 maven_jar(
     name = "commons-compress",
-    artifact = "org.apache.commons:commons-compress:1.15",
-    sha1 = "b686cd04abaef1ea7bc5e143c080563668eec17e",
+    artifact = "org.apache.commons:commons-compress:1.18",
+    sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
 )
 
 # Transitive dependency of commons_compress. Should only be
 # upgraded at the same time as commons_compress.
 maven_jar(
     name = "tukaani-xz",
-    artifact = "org.tukaani:xz:1.6",
+    artifact = "org.tukaani:xz:1.8",
     attach_source = False,
-    sha1 = "05b6f921f1810bdf90e25471968f741f87168b64",
+    sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
 )
 
 maven_jar(
commit	2e24348e25679963158f1ac41d50a172bab7cef4	[log] [tgz]
author	Matthias Sohn <matthias.sohn@sap.com>	Tue Dec 11 15:53:48 2018 -0800
committer	David Pursehouse <dpursehouse@collab.net>	Thu Jun 06 09:32:44 2019 +0900
tree	b1fd97b74f854897e5aa9d9eaa7e8edc7bfcea81
parent	d30ae4c6c0d5ac074ec9693730fe36ac7c019306 [diff]