From 35762ed8d72874d5c291710ef39b9cd52202b28c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20BREVET?=
Date: Mon, 11 Dec 2023 21:48:26 +0100
Subject: [PATCH] chore: overrides dependencies

Motivation: Threads scan show infected dependencies. Our direct dependencies don't have newer version (for now)
Modifications: * override dependency both in plugins.sbt and build.sbt (as this project is its own plugin)
Result: Should still work (mostly compatible version) Should avoid threats
---
 build.sbt | 7 +++++++
 project/plugins.sbt | 12 ++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/build.sbt b/build.sbt
index b10bef1..e1c93c7 100644
--- a/build.sbt
+++ b/build.sbt
@@ -44,3 +44,10 @@ lazy val root = (project in file("."))
 addSbtPlugin("com.github.sbt" % "sbt-dynver" % "5.0.1"),
 libraryDependencies += "org.scalatest" %% "scalatest" % "3.2.17" % Test
 )
+
+ThisBuild / dependencyOverrides ++= Seq(
+ "org.eclipse.jgit" % "org.eclipse.jgit" % "6.8.0.202311291450-r", // sbt-scalafix
+ "ch.qos.logback" % "logback-core" % "1.4.7", // sbt-sonatype
+ "com.google.guava" % "guava" % "23.0", // sbt-sonatype
+ "org.apache.httpcomponents" % "httpclient" % "4.5.14" // sbt-sonatype
+)
diff --git a/project/plugins.sbt b/project/plugins.sbt
index e6e3fa2..1866fed 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -1,8 +1,9 @@
 // ------------------ //
 // -- DEPENDENCIES -- //
 // ------------------ //
-addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.5.2")
-addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.11.1")
+addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.5.2")
+addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.11.1")
+
 addSbtPlugin("com.github.sbt" % "sbt-release" % "1.1.0")
 addSbtPlugin("com.github.sbt" % "sbt-pgp" % "2.2.1")
 addSbtPlugin("de.heikoseeberger" % "sbt-header" % "5.10.0")
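Review bot: The Guava entry in the build.sbt hunk, `"com.google.guava" % "guava" % "23.0"`, pins an old release, and `dependencyOverrides` forces exactly that version even when resolution would otherwise pick a newer one, so this line may hold Guava back instead of clearing the scanner finding. It is worth checking with the scanner and the `evicted` report which Guava version sbt-sonatype resolves without the override, then pinning a release the scanner reports clean, e.g. `"com.google.guava" % "guava" % "<scanner-clean-guava-version>", // sbt-sonatype`. The same entry appears in the second project/plugins.sbt hunk. Overrides also only steer resolution inside this build and, as far as I know, are not written to the published POM, so users of the plugin may still resolve the flagged transitive versions.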
@@ -12,3 +13,10 @@ addSbtPlugin("com.github.sbt" % "sbt-dynver" % "5.0.1")
 // This project is its own plugin :)
 Compile / unmanagedSourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "scala"
 Compile / unmanagedResourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "resources"
+
+dependencyOverrides ++= Seq(
+ "org.eclipse.jgit" % "org.eclipse.jgit" % "6.8.0.202311291450-r", // sbt-scalafix
+ "ch.qos.logback" % "logback-core" % "1.4.7", // sbt-sonatype
+ "com.google.guava" % "guava" % "23.0", // sbt-sonatype
+ "org.apache.httpcomponents" % "httpclient" % "4.5.14" // sbt-sonatype
+)
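Review bot: The trailing comments in this `dependencyOverrides` block name the plugin that pulls each artifact but not the finding the pin answers or when it can be dropped, so the pins are likely to outlive their reason and later keep these libraries below fixed releases. I would extend each comment along the lines of `// sbt-sonatype: <advisory-id>; remove once sbt-sonatype depends on a fixed logback`. Only `logback-core` is overridden; if `logback-classic` is also on the plugin classpath it should be pinned alongside it with `"ch.qos.logback" % "logback-classic" % "1.4.7", // sbt-sonatype`, since the two modules are released together. The same applies to the copy of this list in build.sbt.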