Bump commons-compress version to 1.21 and tukaani-xz to 1.9 This update fixes security vulnerability: [1]. [1] https://snyk.io/vuln/maven%3Aorg.apache.commons%3Acommons-compress Change-Id: Ia9ce0e2ce4a7e2ed3d7ed3a1b961ffab3313fc3a

commit: f950839098229c4e0ce062b9ad4d87883719d906 [log] [tgz]
author: David Ostrovsky <david@ostrovsky.org> Sat Jan 08 10:10:09 2022 +0100
committer: David Ostrovsky <david.ostrovsky@gmail.com> Mon Jan 10 14:27:36 2022 +0000
tree: 3d63709d35ffc4af4dbe7239007b3f3a66af9646
parent: 53254477045796b908d61c883f46ee48a47fb2e6 [diff]
diff --git a/WORKSPACE b/WORKSPACE
index 6359814..2602053 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -190,17 +190,17 @@
 # corresponding version
 maven_jar(
     name = "commons-compress",
-    artifact = "org.apache.commons:commons-compress:1.18",
-    sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
+    artifact = "org.apache.commons:commons-compress:1.21",
+    sha1 = "4ec95b60d4e86b5c95a0e919cb172a0af98011ef",
 )
 
 # Transitive dependency of commons_compress. Should only be
 # upgraded at the same time as commons_compress.
 maven_jar(
     name = "tukaani-xz",
-    artifact = "org.tukaani:xz:1.8",
+    artifact = "org.tukaani:xz:1.9",
     attach_source = False,
-    sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
+    sha1 = "1ea4bec1a921180164852c65006d928617bd2caf",
 )
 
 maven_jar(
commit	f950839098229c4e0ce062b9ad4d87883719d906	[log] [tgz]
author	David Ostrovsky <david@ostrovsky.org>	Sat Jan 08 10:10:09 2022 +0100
committer	David Ostrovsky <david.ostrovsky@gmail.com>	Mon Jan 10 14:27:36 2022 +0000
tree	3d63709d35ffc4af4dbe7239007b3f3a66af9646
parent	53254477045796b908d61c883f46ee48a47fb2e6 [diff]