[GH-15764] Specify Versions of commons-compress and protobuf-java in …

…Main Standalone Jar
h2oai · Sep 15, 2023 · 05b1b2e · 05b1b2e
1 parent f6d120b
commit 05b1b2e
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/h2o-assemblies/main/build.gradle b/h2o-assemblies/main/build.gradle
@@ -50,6 +50,10 @@ dependencies {
         exclude group: "org.apache.thrift", module: "libthrift"
     }
 
+    // Upgrade dependencies coming from Hadoop to address vulnerabilities 
+    api "org.apache.commons:commons-compress:1.21"
+    api "com.google.protobuf:protobuf-java:3.21.7"
+
     constraints {
         api('com.fasterxml.jackson.core:jackson-databind:2.13.4.2') {
             because 'Fixes CVE-2022-42003'