Bump commons-compress version to 1.21 and tukaani-xz to 1.9
This update fixes security vulnerability: [1].
[1] https://snyk.io/vuln/maven%3Aorg.apache.commons%3Acommons-compress
Change-Id: Ia9ce0e2ce4a7e2ed3d7ed3a1b961ffab3313fc3a
diff --git a/WORKSPACE b/WORKSPACE
index 6359814..2602053 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -190,17 +190,17 @@
# corresponding version
maven_jar(
name = "commons-compress",
- artifact = "org.apache.commons:commons-compress:1.18",
- sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
+ artifact = "org.apache.commons:commons-compress:1.21",
+ sha1 = "4ec95b60d4e86b5c95a0e919cb172a0af98011ef",
)
# Transitive dependency of commons_compress. Should only be
# upgraded at the same time as commons_compress.
maven_jar(
name = "tukaani-xz",
- artifact = "org.tukaani:xz:1.8",
+ artifact = "org.tukaani:xz:1.9",
attach_source = False,
- sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
+ sha1 = "1ea4bec1a921180164852c65006d928617bd2caf",
)
maven_jar(