Update Apache commons compress to 1.18.0 This version fixes CVE-2018-1324 [1] and CVE-2018-11771 [2] Also update org.tukaani to 1.8 which is the version commons compress 1.18.0 is using. [1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324 [2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771 Change-Id: I6dbb2f793169b4c32609d01be57e93eeab12e853

commit: 45e949bae9f43364ff56593bc291594e8cb2e32c [log] [tgz]
author: Matthias Sohn <matthias.sohn@sap.com> Tue Dec 11 15:53:48 2018 -0800
committer: Matthias Sohn <matthias.sohn@sap.com> Tue Dec 11 16:55:15 2018 -0800
tree: 83c1b8793b38af6d23a2b4d372ff54ee959192ca
parent: df88f7d6b9893b4e9389c75eead1a4373bb7c2f5 [diff]
diff --git a/WORKSPACE b/WORKSPACE
index 1815663..abedd84 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -189,17 +189,17 @@
 # corresponding version
 maven_jar(
     name = "commons_compress",
-    artifact = "org.apache.commons:commons-compress:1.15",
-    sha1 = "b686cd04abaef1ea7bc5e143c080563668eec17e",
+    artifact = "org.apache.commons:commons-compress:1.18",
+    sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
 )
 
 # Transitive dependency of commons_compress. Should only be
 # upgraded at the same time as commons_compress.
 maven_jar(
     name = "tukaani_xz",
-    artifact = "org.tukaani:xz:1.6",
+    artifact = "org.tukaani:xz:1.8",
     attach_source = False,
-    sha1 = "05b6f921f1810bdf90e25471968f741f87168b64",
+    sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
 )
 
 maven_jar(
commit	45e949bae9f43364ff56593bc291594e8cb2e32c	[log] [tgz]
author	Matthias Sohn <matthias.sohn@sap.com>	Tue Dec 11 15:53:48 2018 -0800
committer	Matthias Sohn <matthias.sohn@sap.com>	Tue Dec 11 16:55:15 2018 -0800
tree	83c1b8793b38af6d23a2b4d372ff54ee959192ca
parent	df88f7d6b9893b4e9389c75eead1a4373bb7c2f5 [diff]