From ed629f907a77124b44082888f57e3794163287de Mon Sep 17 00:00:00 2001
From: Julian Ladisch
Date: Mon, 5 Aug 2024 10:30:54 +0200
Subject: [PATCH] CIRCSTORE-520: Upgrade Vertx from 4.5.5 to 4.5.9 fixing Snappy vulns

https://folio-org.atlassian.net/browse/CIRCSTORE-520

Upgrade Vert.x from 4.5.5 to 4.5.9.

This indirectly upgrades snappy-java from 1.1.10.0 to 1.1.10.5 fixing these vulnerabilities:

* https://nvd.nist.gov/vuln/detail/CVE-2023-43642 Allocation of Resources Without Limits or Throttling
* https://nvd.nist.gov/vuln/detail/CVE-2023-34455 Denial of Service (DoS)
* https://nvd.nist.gov/vuln/detail/CVE-2023-34453 Integer Overflow or Wraparound
* https://nvd.nist.gov/vuln/detail/CVE-2023-34454 Integer Overflow or Wraparound
--- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 29990daa..0a4a9b26 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ UTF-8 UTF-8 ${basedir}/ramls - 4.5.5 + 4.5.9 35.2.0 6.1.5
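Review bot: The single changed line in the pom.xml hunk (4.5.5 to 4.5.9) reaches the snappy-java fix only through a transitive version, and nothing visible in this patch pins or checks snappy-java itself. Since the commit message names 1.1.10.5 as the fixed version, consider adding a dependencyManagement entry for org.xerial.snappy:snappy-java at 1.1.10.5, or a maven-enforcer-plugin bannedDependencies rule that rejects older versions, so a later dependency change cannot silently bring back a vulnerable release. At minimum, confirm the resolved version with mvn dependency:tree -Dincludes=org.xerial.snappy:snappy-java and record the result alongside this change.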