diff --git a/.snyk b/.snyk index b110c2cbf..12ef73976 100644 --- a/.snyk +++ b/.snyk @@ -76,13 +76,29 @@ ignore: reason: >- bc-fips forced to 2.1.2. Residual if Confluent test jars override. expires: 2026-06-30T00:00:00.000Z - SNYK-JAVA-ORGCODEHAUSPLEXUS-15766699: + SNYK-JAVA-IONETTY-17254661: - '*': reason: >- - plexus-utils 3.5.1 is a transitive test dependency (Confluent test - jars). Fix requires 4.0.3 which is a major version bump breaking - API. Not in production runtime. - expires: 2026-06-30T00:00:00.000Z + netty-codec-http2 forced to 4.2.15.Final in resolutionStrategy + which is the Snyk fixed_in version. Residual reports from test-scope + Confluent jars that may override the force are not in production + runtime. + expires: 2027-06-30T00:00:00.000Z + SNYK-JAVA-IONETTY-17260879: + - '*': + reason: >- + netty-transport-native-unix-common forced to 4.2.15.Final in + resolutionStrategy which is the Snyk fixed_in version. Residual + reports from test-scope Confluent jars are not in production + runtime. + expires: 2027-06-30T00:00:00.000Z + SNYK-JAVA-IONETTY-17261131: + - '*': + reason: >- + netty-resolver-dns forced to 4.2.15.Final in resolutionStrategy + which is the Snyk fixed_in version. Residual reports from test-scope + Confluent jars are not in production runtime. + expires: 2027-06-30T00:00:00.000Z SNYK-JAVA-ORGECLIPSEJETTY-15426509: - '*': reason: >- diff --git a/build.gradle b/build.gradle index 76edcb8a2..5e4d11a2c 100644 --- a/build.gradle +++ b/build.gradle @@ -59,12 +59,14 @@ configurations.all { force("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:" + jacksonVersion) force("com.fasterxml.jackson.module:jackson-module-scala_" + kafkaScalaVersion + ":" + jacksonVersion) - force("io.netty:netty-codec-http:4.2.13.Final") - force("io.netty:netty-codec-http2:4.2.13.Final") - force("io.netty:netty-handler-proxy:4.2.13.Final") - force("io.netty:netty-transport-classes-epoll:4.2.13.Final") - force("io.netty:netty-codec-dns:4.2.13.Final") - force("io.netty:netty-all:4.2.13.Final") + force("io.netty:netty-codec-http:4.2.15.Final") + force("io.netty:netty-codec-http2:4.2.15.Final") + force("io.netty:netty-handler-proxy:4.2.15.Final") + force("io.netty:netty-transport-classes-epoll:4.2.15.Final") + force("io.netty:netty-codec-dns:4.2.15.Final") + force("io.netty:netty-all:4.2.15.Final") + force("io.netty:netty-transport-native-unix-common:4.2.15.Final") + force("io.netty:netty-resolver-dns:4.2.15.Final") force("io.grpc:grpc-netty-shaded:1.75.0") force("org.apache.commons:commons-lang3:3.18.0") force("io.vertx:vertx-core:4.5.27") @@ -79,6 +81,7 @@ configurations.all { force("org.bouncycastle:bcprov-jdk18on:1.84") force("org.bouncycastle:bc-fips:2.1.2") force("org.apache.zookeeper:zookeeper:3.9.5") + force("org.codehaus.plexus:plexus-utils:3.6.1") force("org.eclipse.jetty:jetty-http:12.0.33") force("org.eclipse.jetty:jetty-server:12.0.33") force("org.eclipse.jetty:jetty-client:12.0.33")