From fa87e57051b4bca82aed1830f7b149661cac22c8 Mon Sep 17 00:00:00 2001
From: Eduard Heimbuch
Date: Wed, 26 Jul 2023 10:55:31 +0200
Subject: [PATCH] Bump vulnerable core dependencies

- Shiro from `1.10.0` to `1.12.0`
- Apache Commons Compress from `1.20` to `1.23.0`
- Tika from `1.25` to `1.28.5`

Committed-by: Thomas Zerr
---
 gradle/changelog/vuln_deps.yaml | 6 ++++++
 gradle/dependencies.gradle | 6 +++---
 gradle/plugin-center.yaml | 2 --
 3 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 gradle/changelog/vuln_deps.yaml
 delete mode 100644 gradle/plugin-center.yaml

diff --git a/gradle/changelog/vuln_deps.yaml b/gradle/changelog/vuln_deps.yaml
new file mode 100644
index 0000000000..4c89a7d99f
--- /dev/null
+++ b/gradle/changelog/vuln_deps.yaml
@@ -0,0 +1,6 @@
+- type: changed
+ description: Bump Shiro from 1.10.0 to 1.12.0
+- type: changed
+ description: Bump Apache Commons Compress from 1.20 to 1.23.0
+- type: changed
+ description: Bump Tika from 1.25 to 1.28.5
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index e9eb0a45f9..e936a5af69 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -9,7 +9,7 @@ ext {
 mapstructVersion = '1.3.1.Final'
 jaxbVersion = '2.3.3'
- shiroVersion = '1.10.0'
+ shiroVersion = '1.12.0'
 sspVersion = '1.3.0'
 jjwtVersion = '0.11.5'
 bouncycastleVersion = '1.75'
@@ -93,7 +93,7 @@ ext {
 // utils
 guava: 'com.google.guava:guava:32.0.1-jre',
 commonsLang: 'commons-lang:commons-lang:2.6',
- commonsCompress: 'org.apache.commons:commons-compress:1.20',
+ commonsCompress: 'org.apache.commons:commons-compress:1.23.0',
 // security
 shiroCore: "org.apache.shiro:shiro-core:${shiroVersion}",
@@ -130,7 +130,7 @@ ext {
 // content type detection
 spotter: 'com.cloudogu.spotter:spotter-core:4.0.0',
- tika: 'org.apache.tika:tika-core:1.25',
+ tika: 'org.apache.tika:tika-core:1.28.5',
 // restart on unix
 akuma: 'org.kohsuke:akuma:1.10',
diff --git a/gradle/plugin-center.yaml b/gradle/plugin-center.yaml
deleted file mode 100644
index 7ec767885c..0000000000
--- a/gradle/plugin-center.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-- type: changed
- description: Refactor plugin manager