From 57ac3b84df3c8d45cb317aad244d9a0c35a49e55 Mon Sep 17 00:00:00 2001
From: Asif Sohail Mohammed <nsifmoh@amazon.com>
Date: Fri, 29 Sep 2023 19:14:59 +0530
Subject: [PATCH] Fix CVE-2022-45688, CVE-2023-43642 (#3404)

* Fix CVE-2022-45688

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>

* Fix CVE-2023-43642

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>

---------

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
---
 build.gradle | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 55048fff11..4d51229642 100644
--- a/build.gradle
+++ b/build.gradle
@@ -154,9 +154,9 @@ subprojects {
             }
             implementation('org.xerial.snappy:snappy-java') {
                 version {
-                    require '1.1.10.1'
+                    require '1.1.10.5'
                 }
-                because 'Fixes CVE-2023-35165, CVE-2023-34455, CVE-2023-34453, CVE-2023-34454, CVE-2023-2976'
+                because 'Fixes CVE-2023-43642'
             }
             implementation('com.squareup.okio:okio-jvm') {
                 version {
@@ -182,6 +182,12 @@ subprojects {
                 }
                 because 'CVE from transitive dependencies'
             }
+            implementation('org.json:json') {
+                version {
+                    require '20230618'
+                }
+                because 'CVE from transitive dependencies'
+            }
         }
     }