Upgrade com.google.protobuf:protobuf-java from 3.7.1 to 3.16.1

Fixes CVE-2021-22569 A potential Denial of Service issue in protobuf-java https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
2022-06-09 16:22:29 +02:00 · 2022-06-09 16:22:29 +02:00 · 9537629e58
commit 9537629e58
parent a8a61f2c44
1 changed files with 10 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -932,6 +932,16 @@
                <artifactId>classgraph</artifactId>
                <version>4.8.112</version>
            </dependency>
+
+            <!-- transitive dependency through org.scalameta:trees_2.13
+                 upgrade to 3.16.1 to fix CVE-2021-22569 A potential Denial of Service issue in protobuf-java
+                 https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
+            -->
+            <dependency>
+                <groupId>com.google.protobuf</groupId>
+                <artifactId>protobuf-java</artifactId>
+                <version>3.16.1</version>
+            </dependency>
        </dependencies>
    </dependencyManagement>