JLLeitschuh / ktlint-gradle

A ktlint gradle plugin
MIT License
1.48k stars, 163 forks

Update commons-io to 2.17.0 #802

jowiho closed 1 day ago

jowiho commented 2 weeks ago

Update the commons-io library to the latest version to mitigate CVE-2024-47554. Though I don't believe that this CVE can be exploited through ktlint-gradle, it's still a good practice to avoid CVEs, if only to stop automated scanners from flagging this (as a false positive).

JLLeitschuh commented 1 week ago

Hi @jowiho!

Thanks for your contribution! This will require an update to our https://github.com/JLLeitschuh/ktlint-gradle/blob/main/CHANGELOG.md. Would you be so kind as to add a line to that doc? Other than that, I'm more than happy to merge this change!

Thank you so much!

jowiho commented 6 days ago

@JLLeitschuh, sure! I've added a commit to update CHANGELOG.md. Thanks for the reminder.