aboutsummaryrefslogtreecommitdiff
path: root/buildScripts/ivy.xml
diff options
context:
space:
mode:
authorReinier Zwitserloot <r.zwitserloot@projectlombok.org>2021-12-18 17:47:22 +0100
committerReinier Zwitserloot <r.zwitserloot@projectlombok.org>2021-12-18 17:47:22 +0100
commit932c939f67a6459eb4d00689f0e6ff79a9a13169 (patch)
tree7acc5ff6846348e15fede0ba350b03c89667495f /buildScripts/ivy.xml
parentc10b47a5d12b94570067c4b412c3018630300e7f (diff)
downloadlombok-932c939f67a6459eb4d00689f0e6ff79a9a13169.tar.gz
lombok-932c939f67a6459eb4d00689f0e6ff79a9a13169.tar.bz2
lombok-932c939f67a6459eb4d00689f0e6ff79a9a13169.zip
[#3063] Whilst lombok is not vulnerable to Log4Shell, we do have the dependency on log4j, solely for testing purposes, and no user input is ever logged with it. Nevertheless, pushing the dep to 2.17 to avoid false positives from vulnerability scanners ruining the day.
Diffstat (limited to 'buildScripts/ivy.xml')
-rw-r--r--buildScripts/ivy.xml2
1 files changed, 1 insertions, 1 deletions
diff --git a/buildScripts/ivy.xml b/buildScripts/ivy.xml
index ab9ddf6e..736f3eb1 100644
--- a/buildScripts/ivy.xml
+++ b/buildScripts/ivy.xml
@@ -45,7 +45,7 @@
<!-- test deps -->
<dependency org="junit" name="junit" rev="4.8.2" conf="test->default; sources" />
<dependency org="log4j" name="log4j" rev="1.2.17" conf="test->default; sources" />
- <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.16.0" conf="test->default; sources" />
+ <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.0" conf="test->default; sources" />
<dependency org="commons-logging" name="commons-logging" rev="1.2" conf="test->default; sources" />
<dependency org="org.slf4j" name="slf4j-api" rev="1.8.0-beta2" conf="test->default; sources" />
<dependency org="org.slf4j" name="slf4j-ext" rev="1.8.0-beta2" conf="test->default; sources" />
generated by cgit (git 2.46.0) at 2024-11-26 16:58:34 +0000