Replace vulnerable dependencies

2022-03-27 10:08:14 +02:00
parent bf4ce7dbb3
commit 9b56f84dff
3 changed files with 11 additions and 2 deletions
--- a/orx-jvm/orx-kinect-v1-demo/build.gradle
+++ b/orx-jvm/orx-kinect-v1-demo/build.gradle
@@ -9,5 +9,5 @@ dependencies {
    runtimeOnly project(":orx-jvm:orx-kinect-v1-natives-$openrndrOs")
    runtimeOnly "org.openrndr:openrndr-gl3:$openrndrVersion"
    runtimeOnly "org.openrndr:openrndr-gl3-natives-$openrndrOs:$openrndrVersion"
-    runtimeOnly "ch.qos.logback:logback-classic:1.2.3"
+    runtimeOnly "ch.qos.logback:logback-classic:1.2.11"
 }
--- a/orx-jvm/orx-osc/build.gradle
+++ b/orx-jvm/orx-osc/build.gradle
@@ -1,5 +1,8 @@
 dependencies {
-    def withoutSlf4j = { exclude group: 'org.slf4j' }
+    def withoutSlf4j = {
+        exclude group: 'org.slf4j'
+        exclude group: 'log4j'
+    }

    implementation "com.illposed.osc:javaosc-core:0.8", withoutSlf4j
 }
--- a/orx-jvm/orx-rabbit-control/build.gradle
+++ b/orx-jvm/orx-rabbit-control/build.gradle
@@ -9,12 +9,18 @@ sourceSets {
 }

 dependencies {
+
    implementation project(":orx-parameters")
    implementation project(":orx-compositor")
    implementation project(":orx-image-fit")
    implementation project(":orx-fx")

+    // rabbit control 0.3.26 depends on libs with vulnerabilities
+    implementation 'org.yaml:snakeyaml:1.30'
+    implementation 'io.netty:netty-all:4.1.75.Final'
+
    implementation "cc.rabbitcontrol:rcp:0.3.26"
+
    implementation "com.google.zxing:core:3.4.0"
    implementation "com.google.zxing:javase:3.4.0"
    implementation "io.ktor:ktor-server-netty:1.3.1"