Okio CVE (#156)

Stickerifier · Oct 2, 2023 · 9219c5c · 9219c5c
1 parent a7b4fdb
commit 9219c5c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/build.gradle b/build.gradle
@@ -22,6 +22,12 @@ dependencies {
     testImplementation libs.hamcrest
     testImplementation libs.junit
     testImplementation libs.mockwebserver
+
+    constraints {
+        implementation(libs.okio) {
+            because 'CVE-2023-3635: Okio Signed to Unsigned Conversion Error vulnerability'
+        }
+    }
 }
 
 group = 'com.github.stickerifier'
@@ -47,7 +53,7 @@ application {
 }
 
 shadowJar {
-    archiveBaseName.set('Stickerify')
-    archiveClassifier.set('shadow')
-    archiveVersion.set('')
+    archiveBaseName = 'Stickerify'
+    archiveClassifier = 'shadow'
+    archiveVersion = ''
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -11,6 +11,7 @@ junit = "org.junit.jupiter:junit-jupiter:5.10.0"
 logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logback" }
 logback-core = { module = "ch.qos.logback:logback-core", version.ref = "logback" }
 mockwebserver = "com.squareup.okhttp3:mockwebserver3-junit5:5.0.0-alpha.11"
+okio = "com.squareup.okio:okio:3.6.0"
 slf4j-api = "org.slf4j:slf4j-api:2.0.9"
 telegram-bot-api = "com.github.pengrad:java-telegram-bot-api:6.9.0"
 tika = "org.apache.tika:tika-core:2.9.0"

diff --git a/settings.gradle b/settings.gradle
@@ -4,12 +4,11 @@ plugins {
 }
 
 gradleEnterprise {
-    if (System.getenv('CI') != null) {
-        buildScan {
-            publishAlways()
-            termsOfServiceUrl = 'https://gradle.com/terms-of-service'
-            termsOfServiceAgree = 'yes'
-        }
+    buildScan {
+        termsOfServiceUrl = 'https://gradle.com/terms-of-service'
+        termsOfServiceAgree = 'yes'
+
+        publishAlwaysIf(providers.environmentVariable('CI').present)
     }
 }