From 38b62ae56eb6b91165f8fb4bffe8a0024f8d8a48 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 23 Jul 2025 18:07:44 +0000
Subject: [PATCH 1/2] Initial plan

From c8f99cf2778c4d688459b449afc15543ece2100e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 23 Jul 2025 18:18:10 +0000
Subject: [PATCH 2/2] Fix CVE-2025-53864 and CVE-2025-22227 by updating vulnerable dependencies

Co-authored-by: trask <218610+trask@users.noreply.github.com>
---
 agent/agent-tooling/gradle.lockfile | 258 +++++++++++++++++---------
 dependencyManagement/build.gradle.kts | 5 +-
 2 files changed, 177 insertions(+), 86 deletions(-)
diff --git a/agent/agent-tooling/gradle.lockfile b/agent/agent-tooling/gradle.lockfile
index 1870bf48f99..f51d2aedf6b 100644
--- a/agent/agent-tooling/gradle.lockfile
+++ b/agent/agent-tooling/gradle.lockfile
@@ -1,89 +1,177 @@ # This is a Gradle generated file for dependency locking. # Manual edits can break the build and are not advised. # This file is expected to be part of source control. -ch.qos.logback.contrib:logback-json-classic:0.1.5=runtimeClasspath -ch.qos.logback.contrib:logback-json-core:0.1.5=runtimeClasspath -ch.qos.logback:logback-classic:1.3.15=runtimeClasspath -ch.qos.logback:logback-core:1.3.15=runtimeClasspath -com.azure:azure-core-http-netty:1.15.12=runtimeClasspath -com.azure:azure-core:1.55.4=runtimeClasspath -com.azure:azure-identity:1.16.2=runtimeClasspath -com.azure:azure-json:1.5.0=runtimeClasspath -com.azure:azure-monitor-opentelemetry-autoconfigure:1.2.0=runtimeClasspath -com.azure:azure-sdk-bom:1.2.36=runtimeClasspath -com.azure:azure-storage-blob:12.30.1=runtimeClasspath -com.azure:azure-storage-common:12.29.1=runtimeClasspath -com.azure:azure-storage-internal-avro:12.15.1=runtimeClasspath -com.azure:azure-xml:1.2.0=runtimeClasspath -com.fasterxml.jackson.core:jackson-annotations:2.19.2=runtimeClasspath -com.fasterxml.jackson.core:jackson-core:2.19.2=runtimeClasspath -com.fasterxml.jackson.core:jackson-databind:2.19.2=runtimeClasspath -com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.2=runtimeClasspath -com.fasterxml.jackson:jackson-bom:2.19.2=runtimeClasspath -com.github.oshi:oshi-core:6.8.2=runtimeClasspath -com.github.stephenc.jcip:jcip-annotations:1.0-1=runtimeClasspath -com.google.errorprone:error_prone_annotations:2.40.0=runtimeClasspath -com.microsoft.azure:msal4j-persistence-extension:1.3.0=runtimeClasspath -com.microsoft.azure:msal4j:1.21.0=runtimeClasspath -com.nimbusds:content-type:2.3=runtimeClasspath -com.nimbusds:lang-tag:1.7=runtimeClasspath -com.nimbusds:nimbus-jose-jwt:10.0.1=runtimeClasspath -com.nimbusds:oauth2-oidc-sdk:11.23=runtimeClasspath -commons-codec:commons-codec:1.18.0=runtimeClasspath -io.netty:netty-bom:4.2.3.Final=runtimeClasspath -io.netty:netty-buffer:4.2.3.Final=runtimeClasspath 
-io.netty:netty-codec-base:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-compression:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-dns:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-http2:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-http:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-marshalling:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-protobuf:4.2.3.Final=runtimeClasspath -io.netty:netty-codec-socks:4.2.3.Final=runtimeClasspath -io.netty:netty-codec:4.2.3.Final=runtimeClasspath -io.netty:netty-common:4.2.3.Final=runtimeClasspath -io.netty:netty-handler-proxy:4.2.3.Final=runtimeClasspath -io.netty:netty-handler:4.2.3.Final=runtimeClasspath -io.netty:netty-resolver-dns-classes-macos:4.2.3.Final=runtimeClasspath -io.netty:netty-resolver-dns-native-macos:4.2.3.Final=runtimeClasspath -io.netty:netty-resolver-dns:4.2.3.Final=runtimeClasspath -io.netty:netty-resolver:4.2.3.Final=runtimeClasspath -io.netty:netty-tcnative-boringssl-static:2.0.72.Final=runtimeClasspath -io.netty:netty-tcnative-classes:2.0.72.Final=runtimeClasspath -io.netty:netty-transport-classes-epoll:4.2.3.Final=runtimeClasspath -io.netty:netty-transport-classes-kqueue:4.2.3.Final=runtimeClasspath -io.netty:netty-transport-native-epoll:4.2.3.Final=runtimeClasspath -io.netty:netty-transport-native-kqueue:4.2.3.Final=runtimeClasspath -io.netty:netty-transport-native-unix-common:4.2.3.Final=runtimeClasspath -io.netty:netty-transport:4.2.3.Final=runtimeClasspath -io.opentelemetry.contrib:opentelemetry-jfr-connection:1.47.0-alpha=runtimeClasspath -io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha:2.18.1-alpha=runtimeClasspath -io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom:2.18.1=runtimeClasspath -io.opentelemetry:opentelemetry-api:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-bom-alpha:1.52.0-alpha=runtimeClasspath -io.opentelemetry:opentelemetry-bom:1.52.0=runtimeClasspath 
-io.opentelemetry:opentelemetry-common:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-context:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-common:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-logs:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-metrics:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk-trace:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-sdk:1.52.0=runtimeClasspath -io.opentelemetry:opentelemetry-semconv:1.30.1-alpha=runtimeClasspath -io.projectreactor.netty:reactor-netty-core:1.0.48=runtimeClasspath -io.projectreactor.netty:reactor-netty-http:1.0.48=runtimeClasspath -io.projectreactor:reactor-core:3.4.41=runtimeClasspath -net.java.dev.jna:jna-platform:5.17.0=runtimeClasspath -net.java.dev.jna:jna:5.17.0=runtimeClasspath -net.minidev:accessors-smart:2.5.2=runtimeClasspath -net.minidev:json-smart:2.5.2=runtimeClasspath -org.apache.commons:commons-lang3:3.17.0=runtimeClasspath -org.apache.commons:commons-text:1.13.1=runtimeClasspath -org.junit:junit-bom:5.13.3=runtimeClasspath -org.reactivestreams:reactive-streams:1.0.4=runtimeClasspath -org.slf4j:jcl-over-slf4j:2.0.17=runtimeClasspath -org.slf4j:slf4j-api:2.0.17=runtimeClasspath -org.testcontainers:testcontainers-bom:1.21.3=runtimeClasspath +ch.qos.logback.contrib:logback-json-classic:0.1.5=runtimeClasspath,testRuntimeClasspath +ch.qos.logback.contrib:logback-json-core:0.1.5=runtimeClasspath,testRuntimeClasspath +ch.qos.logback:logback-classic:1.3.15=runtimeClasspath,testRuntimeClasspath +ch.qos.logback:logback-core:1.3.15=runtimeClasspath,testRuntimeClasspath +codes.rafael.asmjdkbridge:asm-jdk-bridge:0.0.10=testRuntimeClasspath +com.azure:azure-core-http-netty:1.15.12=runtimeClasspath,testRuntimeClasspath +com.azure:azure-core-test:1.26.2=testRuntimeClasspath 
+com.azure:azure-core:1.55.4=runtimeClasspath,testRuntimeClasspath +com.azure:azure-identity:1.16.2=runtimeClasspath,testRuntimeClasspath +com.azure:azure-json:1.5.0=runtimeClasspath,testRuntimeClasspath +com.azure:azure-monitor-opentelemetry-autoconfigure:1.2.0=runtimeClasspath,testRuntimeClasspath +com.azure:azure-sdk-bom:1.2.36=runtimeClasspath,testRuntimeClasspath +com.azure:azure-storage-blob:12.30.1=runtimeClasspath,testRuntimeClasspath +com.azure:azure-storage-common:12.29.1=runtimeClasspath,testRuntimeClasspath +com.azure:azure-storage-internal-avro:12.15.1=runtimeClasspath,testRuntimeClasspath +com.azure:azure-xml:1.2.0=runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-annotations:2.19.2=runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-core:2.19.2=runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-databind:2.19.2=runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.19.2=testRuntimeClasspath +com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.2=testRuntimeClasspath +com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.2=runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson:jackson-bom:2.19.2=runtimeClasspath,testRuntimeClasspath +com.fasterxml.woodstox:woodstox-core:7.1.1=testRuntimeClasspath +com.github.oshi:oshi-core:6.8.2=runtimeClasspath,testRuntimeClasspath +com.github.stephenc.jcip:jcip-annotations:1.0-1=runtimeClasspath,testRuntimeClasspath +com.google.cloud.opentelemetry:detector-resources-support:0.36.0=testRuntimeClasspath +com.google.errorprone:error_prone_annotations:2.40.0=runtimeClasspath,testRuntimeClasspath +com.microsoft.azure:msal4j-persistence-extension:1.3.0=runtimeClasspath,testRuntimeClasspath +com.microsoft.azure:msal4j:1.21.0=runtimeClasspath,testRuntimeClasspath +com.nimbusds:content-type:2.3=runtimeClasspath,testRuntimeClasspath +com.nimbusds:lang-tag:1.7=runtimeClasspath,testRuntimeClasspath 
+com.nimbusds:nimbus-jose-jwt:10.3=runtimeClasspath,testRuntimeClasspath +com.nimbusds:oauth2-oidc-sdk:11.23=runtimeClasspath,testRuntimeClasspath +com.squareup.okhttp3:okhttp-jvm:5.1.0=testRuntimeClasspath +com.squareup.okhttp3:okhttp:5.1.0=testRuntimeClasspath +com.squareup.okio:okio-jvm:3.15.0=testRuntimeClasspath +com.squareup.okio:okio:3.15.0=testRuntimeClasspath +commons-codec:commons-codec:1.18.0=runtimeClasspath,testRuntimeClasspath +commons-io:commons-io:2.15.1=testRuntimeClasspath +io.netty:netty-bom:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-buffer:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-base:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-compression:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-dns:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-http2:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-http:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-marshalling:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-protobuf:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec-socks:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-codec:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-common:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-handler-proxy:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-handler:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-resolver-dns-classes-macos:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-resolver-dns-native-macos:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-resolver-dns:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-resolver:4.2.3.Final=runtimeClasspath,testRuntimeClasspath 
+io.netty:netty-tcnative-boringssl-static:2.0.72.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-tcnative-classes:2.0.72.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport-classes-epoll:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport-classes-kqueue:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport-native-epoll:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport-native-kqueue:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport-native-unix-common:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.netty:netty-transport:4.2.3.Final=runtimeClasspath,testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-aws-resources:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-aws-xray-propagator:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-azure-resources:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-baggage-processor:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-cloudfoundry-resources:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-gcp-resources:1.47.0-alpha=testRuntimeClasspath +io.opentelemetry.contrib:opentelemetry-jfr-connection:1.47.0-alpha=runtimeClasspath,testRuntimeClasspath +io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations-support:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-incubator:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.instrumentation:opentelemetry-instrumentation-api:2.18.1=testRuntimeClasspath +io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha:2.18.1-alpha=runtimeClasspath,testRuntimeClasspath +io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom:2.18.1=runtimeClasspath,testRuntimeClasspath 
+io.opentelemetry.instrumentation:opentelemetry-sdk-autoconfigure-support:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.javaagent:opentelemetry-javaagent-bootstrap:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.javaagent:opentelemetry-javaagent-extension-api:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.javaagent:opentelemetry-javaagent-tooling-java9:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.javaagent:opentelemetry-javaagent-tooling:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.javaagent:opentelemetry-muzzle:2.18.1-alpha=testRuntimeClasspath +io.opentelemetry.semconv:opentelemetry-semconv-incubating:1.34.0-alpha=testRuntimeClasspath +io.opentelemetry.semconv:opentelemetry-semconv:1.34.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-api-incubator:1.52.0-alpha=testRuntimeClasspath +io.opentelemetry:opentelemetry-api:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-bom-alpha:1.52.0-alpha=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-bom:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-common:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-context:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-common:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-logging-otlp:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-logging:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-otlp-common:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-otlp:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-prometheus:1.52.0-alpha=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-sender-okhttp:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-zipkin:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-extension-kotlin:1.52.0=testRuntimeClasspath 
+io.opentelemetry:opentelemetry-extension-trace-propagators:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-common:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-extension-incubator:1.52.0-alpha=testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-extension-jaeger-remote-sampler:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-logs:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-metrics:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-testing:1.52.0=testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-trace:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk:1.52.0=runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-semconv:1.30.1-alpha=runtimeClasspath,testRuntimeClasspath +io.projectreactor.netty:reactor-netty-core:1.2.8=runtimeClasspath,testRuntimeClasspath +io.projectreactor.netty:reactor-netty-http:1.2.8=runtimeClasspath,testRuntimeClasspath +io.projectreactor:reactor-core:3.7.8=runtimeClasspath,testRuntimeClasspath +io.projectreactor:reactor-test:3.4.38=testRuntimeClasspath +io.prometheus:prometheus-metrics-config:1.3.8=testRuntimeClasspath +io.prometheus:prometheus-metrics-exporter-common:1.3.8=testRuntimeClasspath +io.prometheus:prometheus-metrics-exporter-httpserver:1.3.8=testRuntimeClasspath +io.prometheus:prometheus-metrics-exposition-textformats:1.3.8=testRuntimeClasspath +io.prometheus:prometheus-metrics-model:1.3.8=testRuntimeClasspath +io.zipkin.reporter2:zipkin-reporter:3.5.1=testRuntimeClasspath +io.zipkin.reporter2:zipkin-sender-okhttp3:3.5.1=testRuntimeClasspath +io.zipkin.zipkin2:zipkin:2.27.1=testRuntimeClasspath 
+javax.servlet:javax.servlet-api:3.1.0=testRuntimeClasspath +net.bytebuddy:byte-buddy-agent:1.12.19=testRuntimeClasspath +net.bytebuddy:byte-buddy-dep:1.17.6=testRuntimeClasspath +net.java.dev.jna:jna-platform:5.17.0=runtimeClasspath,testRuntimeClasspath +net.java.dev.jna:jna:5.17.0=runtimeClasspath,testRuntimeClasspath +net.minidev:accessors-smart:2.5.2=runtimeClasspath,testRuntimeClasspath +net.minidev:json-smart:2.5.2=runtimeClasspath,testRuntimeClasspath +org.apache.commons:commons-compress:1.26.0=testRuntimeClasspath +org.apache.commons:commons-lang3:3.17.0=runtimeClasspath,testRuntimeClasspath +org.apache.commons:commons-text:1.13.1=runtimeClasspath,testRuntimeClasspath +org.assertj:assertj-core:3.27.3=testRuntimeClasspath +org.awaitility:awaitility:4.3.0=testRuntimeClasspath +org.codehaus.woodstox:stax2-api:4.2.2=testRuntimeClasspath +org.eclipse.jetty:jetty-http:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-io:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-security:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-server:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-servlet:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-util-ajax:9.4.54.v20240208=testRuntimeClasspath +org.eclipse.jetty:jetty-util:9.4.54.v20240208=testRuntimeClasspath +org.hamcrest:hamcrest:2.1=testRuntimeClasspath +org.jetbrains.kotlin:kotlin-bom:2.1.21=testRuntimeClasspath +org.jetbrains.kotlin:kotlin-stdlib:2.2.0=testRuntimeClasspath +org.jetbrains:annotations:13.0=testRuntimeClasspath +org.junit.jupiter:junit-jupiter-api:5.13.3=testRuntimeClasspath +org.junit.jupiter:junit-jupiter-engine:5.13.3=testRuntimeClasspath +org.junit.jupiter:junit-jupiter-params:5.13.3=testRuntimeClasspath +org.junit.jupiter:junit-jupiter:5.13.3=testRuntimeClasspath +org.junit.platform:junit-platform-commons:1.13.3=testRuntimeClasspath +org.junit.platform:junit-platform-engine:1.13.3=testRuntimeClasspath 
+org.junit.platform:junit-platform-launcher:1.13.3=testRuntimeClasspath
+org.junit:junit-bom:5.13.3=runtimeClasspath,testRuntimeClasspath
+org.mockito:mockito-core:4.11.0=testRuntimeClasspath
+org.objenesis:objenesis:3.3=testRuntimeClasspath
+org.opentest4j:opentest4j:1.3.0=testRuntimeClasspath
+org.ow2.asm:asm-analysis:9.8=testRuntimeClasspath
+org.ow2.asm:asm-commons:9.8=testRuntimeClasspath
+org.ow2.asm:asm-tree:9.8=testRuntimeClasspath
+org.ow2.asm:asm-util:9.8=testRuntimeClasspath
+org.ow2.asm:asm:9.8=testRuntimeClasspath
+org.reactivestreams:reactive-streams:1.0.4=runtimeClasspath,testRuntimeClasspath
+org.slf4j:jcl-over-slf4j:2.0.17=runtimeClasspath,testRuntimeClasspath
+org.slf4j:jul-to-slf4j:2.0.17=testRuntimeClasspath
+org.slf4j:log4j-over-slf4j:2.0.17=testRuntimeClasspath
+org.slf4j:slf4j-api:2.0.17=runtimeClasspath,testRuntimeClasspath
+org.snakeyaml:snakeyaml-engine:2.9=testRuntimeClasspath
+org.testcontainers:testcontainers-bom:1.21.3=runtimeClasspath,testRuntimeClasspath
+org.yaml:snakeyaml:2.4=testRuntimeClasspath
 empty=
diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts
index 0e703f18f0e..a65e7907665 100644
--- a/dependencyManagement/build.gradle.kts
+++ b/dependencyManagement/build.gradle.kts
@@ -69,7 +69,10 @@ val DEPENDENCIES = listOf(
 "io.opentelemetry.contrib:opentelemetry-jfr-connection:${otelContribVersion}-alpha",
 "io.opentelemetry.contrib:opentelemetry-runtime-attach-core:${otelContribVersion}-alpha",
 "com.google.code.findbugs:jsr305:3.0.2",
- "com.github.spotbugs:spotbugs-annotations:4.9.3"
+ "com.github.spotbugs:spotbugs-annotations:4.9.3",
+ // Security updates for CVEs
+ "com.nimbusds:nimbus-jose-jwt:10.3", // CVE-2025-53864 fix
+ "io.projectreactor.netty:reactor-netty-http:1.2.8" // CVE-2025-22227 fix
 )
 javaPlatform {
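Review bot: The `reactor-netty-http:1.2.8` entry added to `DEPENDENCIES` is more than a patch-level bump: the regenerated lockfile in this commit shows `reactor-netty-core` going from 1.0.48 to 1.2.8 and `reactor-core` from 3.4.41 to 3.7.8 as a side effect, while `reactor-test` stays at 3.4.38 and `azure-core-http-netty` at 1.15.12. Only the http module is constrained here, so the core module follows transitively. Adding `"io.projectreactor.netty:reactor-netty-core:1.2.8",` next to it would keep both Reactor Netty modules on one declared version. The runtime path through the Azure HTTP client should be exercised on the new line before merge, because compatibility cannot be judged from this diff. The two trailing comments would age better if they recorded why the pin exists and when it can be removed, e.g. `// CVE-2025-53864: overrides the transitive version; drop once it resolves to >= 10.3 on its own`. The `DEPENDENCIES` list starts above the hunk, so how these entries are applied (plain constraint or strict version) is inferred rather than visible.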