From 2146bacd2ec15ff976f89f00c499d509026e739b Mon Sep 17 00:00:00 2001
From: Mikhail
Date: Fri, 6 Sep 2024 02:26:51 +0100
Subject: [PATCH] Update libs.versions.toml (#8387)

Fix CVE-2022-25647 The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks. Bump up version of the gson package. https://github.com/advisories/GHSA-4jrv-ppp4-jm57
---
 kotlin/gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kotlin/gradle/libs.versions.toml b/kotlin/gradle/libs.versions.toml
index 71783e9ca..35f032c6c 100644
--- a/kotlin/gradle/libs.versions.toml
+++ b/kotlin/gradle/libs.versions.toml
@@ -6,7 +6,7 @@ plugin-kotlin = "1.6.10"
 plugin-gver = "0.42.0"
 kotlinx-benchmark = "0.4.8"
 junit = "4.12"
-gson = "2.8.5"
+gson = "2.8.9"
 moshi-kotlin = "1.11.0"
 
 [libraries]