FundingCircle / jackdaw

A Clojure library for the Apache Kafka distributed streaming platform.

https://fundingcircle.github.io/jackdaw/

BSD 3-Clause "New" or "Revised" License

368 stars 80 forks source link

Fix CVEs for netty and apache commons-compress #307

Closed gphilipp closed 2 years ago

gphilipp commented 2 years ago

Fixes CVE-2021-37137, CVE-2021-37136 and CVE-2021-36090. Moving overrides in dependency management as it keeps the structure of the dependency tree as is instead of adding the overriding libs as top level deps.

Checklist

[X] tests
[X] updated CHANGELOG (the "unreleased" section)