1dae690008
This version of commons-compress includes fixes for CVE-2018-1324 [1] and CVE-2018-11771 [2]. Also update tukaani xz to 1.8, which is the version used by commons-compress 1.18. [1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324 [2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771 Change-Id: I4bf8ccc239445f20794844e6ea96005d7c8b9c77
17 lines
520 B
Python
17 lines
520 B
Python
load("//tools/bzl:maven_jar.bzl", "maven_jar")
|
|
|
|
def declare_nongoogle_deps():
|
|
"""loads dependencies that are not used at Google.
|
|
|
|
Changes to versions are exempt from library compliance review. New
|
|
dependencies must pass through library compliance review. This is
|
|
enforced by //lib:nongoogle_test.
|
|
"""
|
|
|
|
# Transitive dependency of commons-compress
|
|
maven_jar(
|
|
name = "tukaani-xz",
|
|
artifact = "org.tukaani:xz:1.8",
|
|
sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
|
|
)
|