upgrade vulnerable dependencies

optimism-java · Sep 26, 2024 · a444ed2 · a444ed2
1 parent 8422961
commit a444ed2
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/build.gradle b/build.gradle
@@ -18,6 +18,7 @@ plugins {
 	id "com.diffplug.spotless" version "6.23.3"
 	id "net.ltgt.errorprone" version "3.1.0"
 	id 'com.github.johnrengelman.shadow' version '8.1.1'
+	id 'org.owasp.dependencycheck' version '10.0.4'
 //    id 'org.unbroken-dome.test-sets' version '4.0.0'
 //    id 'maven-publish'
 //    id "io.github.gradle-nexus.publish-plugin" version "1.1.0"
@@ -26,7 +27,6 @@ plugins {
 
 group 'io.optimism'
 version '0.4.4'
-
 repositories {
 	// Use Maven Central for resolving dependencies.
 	mavenCentral()
@@ -94,9 +94,12 @@ dependencies {
 	implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 
 	//jsonrpc
-	implementation('io.vertx:vertx-auth-jwt:4.4.2')
-	implementation('io.vertx:vertx-core:4.4.2')
-	implementation('io.vertx:vertx-web:4.4.2')
+	implementation('io.vertx:vertx-auth-jwt:4.5.3') {
+		exclude group: 'io.netty', module: 'netty-codec-http'
+	}
+	implementation('io.vertx:vertx-core:4.5.3')
+	implementation('io.vertx:vertx-web:4.5.3')
+	implementation('io.netty:netty-all:4.1.108.Final')
 
 	implementation 'io.micrometer:micrometer-registry-prometheus:1.11.0'
 	implementation platform('io.micrometer:micrometer-tracing-bom:1.1.1')
@@ -127,7 +130,9 @@ dependencies {
 
 //	implementation 'io.tmio:tuweni-devp2p:2.4.2'
 	implementation 'io.tmio:tuweni-ssz:2.4.2'
-	implementation('tech.pegasys.teku.internal:p2p:23.10.0')
+	implementation('tech.pegasys.teku.internal:p2p:23.10.0') {
+		exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+	}
 	implementation('tech.pegasys.teku.internal:metrics:23.10.0')
 	implementation('tech.pegasys.teku.internal:async:23.10.0')
 	implementation('tech.pegasys.teku.internal:storage:23.10.0')
@@ -137,9 +142,13 @@ dependencies {
 	implementation('tech.pegasys.teku.internal:unsigned:23.10.0')
 	implementation('tech.pegasys.teku.internal:statetransition:23.10.0')
 	implementation 'tech.pegasys:jc-kzg-4844:0.8.0'
-	implementation('org.hyperledger.besu.internal:metrics-core:23.10.2')
+	implementation('org.hyperledger.besu.internal:metrics-core:23.10.2') {
+		exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+	}
 	implementation('org.hyperledger.besu:plugin-api:23.10.2')
-	implementation('io.libp2p:jvm-libp2p:1.0.1-RELEASE')
+	implementation('io.libp2p:jvm-libp2p:1.0.1-RELEASE') {
+		exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+	}
 	implementation 'io.tmio:tuweni-units:2.4.2'
 	implementation('io.tmio:tuweni-crypto:2.4.2'){
 		exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
@@ -151,7 +160,9 @@ dependencies {
 	implementation('org.hyperledger.besu:besu-datatypes:23.10.2')
 
 	implementation 'io.tmio:tuweni-rlp:2.4.2'
-	implementation('tech.pegasys.discovery:discovery:22.12.0')
+	implementation('tech.pegasys.discovery:discovery:22.12.0') {
+		exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+	}
 	implementation 'org.xerial.snappy:snappy-java:1.1.10.5'
 
 	implementation 'org.apache.logging.log4j:log4j-api:3.0.0-alpha1'