Skip to content

Commit

Permalink
Update build.gradle to fix vulnerable sub-dependencies
Browse files Browse the repository at this point in the history 
Specifically:
1. CVE-2022-42003, CVE-2021-46877, CVE-2022-42004, and CVE-2020-36518, all caused by com.fasterxml.jackson.core:jackson-databind version 2.13.0.
2.  CVE-2023-3635, caused by com.squareup.okio:okio version 3.2.0 and com.squareup.okio:okio-jvm version 3.2.0.

These vulnerabilities don't affect end users of the mod. Only developers were potentially affected. Then again, the attack vectors for these CVEs aren't super relevant when compiling Minecraft mods. So, do update your forks, but don't worry too much.
  • Loading branch information
@Alexander01998
Alexander01998 authored Apr 17, 2024
1 parent 5a42c94 commit c6a55a8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions build.gradle
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
buildscript {
dependencies {
classpath 'org.kohsuke:github-api:1.135'
classpath 'org.kohsuke:github-api:1.321'
}
}

Expand All @@ -9,7 +9,7 @@ plugins {
id 'maven-publish'
id 'com.matthewprenger.cursegradle' version '1.4.0'
id "com.modrinth.minotaur" version "2.+"
id 'com.diffplug.spotless' version '6.23.3'
id 'com.diffplug.spotless' version '6.25.0'
}

def ENV = System.getenv()
Expand Down

0 comments on commit c6a55a8

Please sign in to comment.