Update Apache commons compress to 1.18.0
This version fixes CVE-2018-1324 [1] and CVE-2018-11771 [2]
Also update org.tukaani to 1.8 which is the version commons
compress 1.18.0 is using.
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771
Change-Id: I6dbb2f793169b4c32609d01be57e93eeab12e853
diff --git a/WORKSPACE b/WORKSPACE
index 1815663..abedd84 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -189,17 +189,17 @@
# corresponding version
maven_jar(
name = "commons_compress",
- artifact = "org.apache.commons:commons-compress:1.15",
- sha1 = "b686cd04abaef1ea7bc5e143c080563668eec17e",
+ artifact = "org.apache.commons:commons-compress:1.18",
+ sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
)
# Transitive dependency of commons_compress. Should only be
# upgraded at the same time as commons_compress.
maven_jar(
name = "tukaani_xz",
- artifact = "org.tukaani:xz:1.6",
+ artifact = "org.tukaani:xz:1.8",
attach_source = False,
- sha1 = "05b6f921f1810bdf90e25471968f741f87168b64",
+ sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
)
maven_jar(