From a444ed2dece805e39864dbcaeffb5c35a59ad9bc Mon Sep 17 00:00:00 2001
From: thinkAfCod
Date: Tue, 24 Sep 2024 18:10:19 +0800
Subject: [PATCH] upgrade vulnerable dependencies
---
 build.gradle | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/build.gradle b/build.gradle
index 1461afb1..da87b369 100644
--- a/build.gradle
+++ b/build.gradle
@@ -18,6 +18,7 @@ plugins {
 id "com.diffplug.spotless" version "6.23.3"
 id "net.ltgt.errorprone" version "3.1.0"
 id 'com.github.johnrengelman.shadow' version '8.1.1'
+ id 'org.owasp.dependencycheck' version '10.0.4'
 // id 'org.unbroken-dome.test-sets' version '4.0.0'
 // id 'maven-publish'
 // id "io.github.gradle-nexus.publish-plugin" version "1.1.0"
@@ -26,7 +27,6 @@ plugins {
 group 'io.optimism'
 version '0.4.4'
-
 repositories {
 // Use Maven Central for resolving dependencies.
 mavenCentral()
@@ -94,9 +94,12 @@ dependencies {
 implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 //jsonrpc
- implementation('io.vertx:vertx-auth-jwt:4.4.2')
- implementation('io.vertx:vertx-core:4.4.2')
- implementation('io.vertx:vertx-web:4.4.2')
+ implementation('io.vertx:vertx-auth-jwt:4.5.3') {
+ exclude group: 'io.netty', module: 'netty-codec-http'
+ }
+ implementation('io.vertx:vertx-core:4.5.3')
+ implementation('io.vertx:vertx-web:4.5.3')
+ implementation('io.netty:netty-all:4.1.108.Final')
 implementation 'io.micrometer:micrometer-registry-prometheus:1.11.0'
 implementation platform('io.micrometer:micrometer-tracing-bom:1.1.1')
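Review bot: The `org.owasp.dependencycheck` plugin is applied in the `plugins` block of the -18 hunk, but the patch adds no `dependencyCheck { }` configuration (the 19 insertions in the diffstat are all accounted for by the visible hunks), so the scan would run with the plugin defaults and would presumably never fail a build on a finding. If the aim is to keep vulnerable versions from coming back, add a block such as `dependencyCheck { failBuildOnCVSS = 7 }` with a threshold the team agrees on, keep a reviewed suppression file next to it, and run `dependencyCheckAnalyze` in CI. The `plugins` block starts and ends outside the hunk, so configuration that already exists elsewhere in build.gradle cannot be ruled out from here.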
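Review bot: In the -94 hunk the `exclude group: 'io.netty', module: 'netty-codec-http'` is attached only to `vertx-auth-jwt`, while `vertx-core` and `vertx-web` on the next lines presumably still bring the same module in transitively, so the exclusion on its own removes nothing and the effective version is decided by conflict resolution against `netty-all:4.1.108.Final`. `netty-all` also appears to pull every Netty codec and transport into the shadow jar, which is more code than a JSON-RPC server needs. A narrower pin would be `implementation platform('io.netty:netty-bom:4.1.108.Final')` or a `constraints { }` entry for `netty-codec-http`, with a comment naming the advisory the pin addresses. The resolved version can be confirmed with `gradle dependencyInsight --dependency netty-codec-http`.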
@@ -127,7 +130,9 @@ dependencies {
 // implementation 'io.tmio:tuweni-devp2p:2.4.2'
 implementation 'io.tmio:tuweni-ssz:2.4.2'
- implementation('tech.pegasys.teku.internal:p2p:23.10.0')
+ implementation('tech.pegasys.teku.internal:p2p:23.10.0') {
+ exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+ }
 implementation('tech.pegasys.teku.internal:metrics:23.10.0')
 implementation('tech.pegasys.teku.internal:async:23.10.0')
 implementation('tech.pegasys.teku.internal:storage:23.10.0')
@@ -137,9 +142,13 @@ dependencies {
 implementation('tech.pegasys.teku.internal:unsigned:23.10.0')
 implementation('tech.pegasys.teku.internal:statetransition:23.10.0')
 implementation 'tech.pegasys:jc-kzg-4844:0.8.0'
- implementation('org.hyperledger.besu.internal:metrics-core:23.10.2')
+ implementation('org.hyperledger.besu.internal:metrics-core:23.10.2') {
+ exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+ }
 implementation('org.hyperledger.besu:plugin-api:23.10.2')
- implementation('io.libp2p:jvm-libp2p:1.0.1-RELEASE')
+ implementation('io.libp2p:jvm-libp2p:1.0.1-RELEASE') {
+ exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+ }
 implementation 'io.tmio:tuweni-units:2.4.2'
 implementation('io.tmio:tuweni-crypto:2.4.2'){
 exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
@@ -151,7 +160,9 @@ dependencies {
 implementation('org.hyperledger.besu:besu-datatypes:23.10.2')
 implementation 'io.tmio:tuweni-rlp:2.4.2'
- implementation('tech.pegasys.discovery:discovery:22.12.0')
+ implementation('tech.pegasys.discovery:discovery:22.12.0') {
+ exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+ }
 implementation 'org.xerial.snappy:snappy-java:1.1.10.5'
 implementation 'org.apache.logging.log4j:log4j-api:3.0.0-alpha1'
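Review bot: Excluding `org.bouncycastle:bcprov-jdk15on` one dependency at a time leaves the old provider reachable through any path that was missed; in the -127 hunk only `tech.pegasys.teku.internal:p2p` gets the exclusion while the `metrics`, `async` and `storage` modules right below it do not, and the same per-dependency pattern repeats in the hunks at -137 and -151. A single `configurations.all { exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on' }` states the intent once and also covers dependencies added later. The replacement provider is not declared in the visible hunks and is presumably declared elsewhere in build.gradle; that is worth confirming, because a missing BouncyCastle class would only surface at runtime in the p2p and discovery crypto paths, not at build time. A short comment next to the exclusion naming the advisory it addresses would help the next upgrade.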