Skip to content

Commit

Permalink
Bump version of jgit to 6.7.0.202309050840-r to fix CVE-2023-4759 (#1…
Browse files Browse the repository at this point in the history
…0147) (#10166)

* change dependency version of jgit



* add changelog



---------

Signed-off-by: Poojita Raj <[email protected]>
  • Loading branch information
Poojita-Raj authored Sep 22, 2023
1 parent 2f7f6a1 commit c1c1cee
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Bump `com.zaxxer:SparseBitSet` from 1.2 to 1.3 ([#10098](https://github.com/opensearch-project/OpenSearch/pull/10098))
- Bump `tibdex/github-app-token` from 1.5.0 to 2.1.0 ([#10125](https://github.com/opensearch-project/OpenSearch/pull/10125))
- Bump `org.wiremock:wiremock-standalone` from 2.35.0 to 3.1.0 ([#9752](https://github.com/opensearch-project/OpenSearch/pull/9752))
- Bump `org.eclipse.jgit` from 6.5.0 to 6.7.0 ([#10147](https://github.com/opensearch-project/OpenSearch/pull/10147))

### Changed
- Add instrumentation in rest and network layer. ([#9415](https://github.com/opensearch-project/OpenSearch/pull/9415))
Expand Down
4 changes: 4 additions & 0 deletions buildSrc/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,10 @@ dependencies {
integTestImplementation('org.spockframework:spock-core:2.3-groovy-3.0') {
exclude module: "groovy"
}
implementation('org.ajoberstar.grgit:grgit-core:5.2.0') {
exclude group: 'org.eclipse.jgit', module: 'org.eclipse.jgit'
}
implementation 'org.eclipse.jgit:org.eclipse.jgit:6.7.0.202309050840-r'
}

configurations.all {
Expand Down

0 comments on commit c1c1cee

Please sign in to comment.