Address CVEs

deps.edn

@@ -30,13 +30,16 @@
   com.github.seancorfield/honeysql {:mvn/version "2.4.1078"}
   com.github.seancorfield/next.jdbc {:mvn/version "1.3.894"}
   com.stuartsierra/component {:mvn/version "0.3.1"}
+  ;; Override the version brought in by aging-session to address CVE-2020-24164
+  com.taoensso/nippy {:mvn/version "3.3.0"}
 
   digest/digest {:mvn/version "1.4.10"}
   duct/duct {:mvn/version "0.8.2"}
   duct/hikaricp-component {:mvn/version "0.1.2"
                            :exclusions [org.slf4j/slf4j-nop]}
 
-  kirasystems/aging-session {:mvn/version "0.5.0"}
+  kirasystems/aging-session {:mvn/version "0.5.0"
+                             :exclusions [org.clojure/clojurescript]}
 
   one-time/one-time {:mvn/version "0.7.0"
                      :exclusions [ ;; not needed on java 17, addresses CWE-120
@@ -53,6 +56,13 @@
   org.clojure/clojure {:mvn/version "1.11.1"}
   org.clojure/tools.logging {:mvn/version "1.2.4"}
   org.clojure/tools.nrepl {:mvn/version "0.2.11"}
+  ;; Override jetty brought in by aws/api to address CVE-2023-40167,
+  ;; CVE-2023-41900, CVE-2023-36479
+  org.eclipse.jetty/jetty-client {:mvn/version "9.4.53.v20231009"}
+  ;; Override jetty brought in by ring-jetty-adapter to address CVE-2023-40167,
+  ;; CVE-2023-41900, CVE-2023-36479
+  org.eclipse.jetty/jetty-server {:mvn/version "9.4.53.v20231009"}
+
   org.postgresql/postgresql {:mvn/version "42.6.0"}
 
   net.cgrand/regex {:mvn/version "1.0.1"}