Address CVE-2024-7254

bbimber · bbimber · commit 26d144b3243e · 2025-08-21T07:29:44.000-07:00
diff --git a/SequenceAnalysis/build.gradle b/SequenceAnalysis/build.gradle
@@ -148,6 +148,9 @@ dependencies {
                 exclude group: "org.apache.commons", module: "commons-collections4"
                 // NOTE: this is a dependency of picard->google-cloud-storage. there is a vunerability in 1.6.8 that does not seem fixed as of 1.6.9
                 exclude group: "org.threeten", module: "threetenbp"
+                // https://nvd.nist.gov/vuln/detail/CVE-2024-7254
+                implementation "com.google.protobuf:protobuf-java:3.25.5"
+                implementation "com.google.protobuf:protobuf-java-util:3.25.6"
             }
     )
 

Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,9 @@ dependencies {`
`148`	`148`	`exclude group: "org.apache.commons", module: "commons-collections4"`
`149`	`149`	`// NOTE: this is a dependency of picard->google-cloud-storage. there is a vunerability in 1.6.8 that does not seem fixed as of 1.6.9`
`150`	`150`	`exclude group: "org.threeten", module: "threetenbp"`
	`151`	`+ // https://nvd.nist.gov/vuln/detail/CVE-2024-7254`
	`152`	`+ implementation "com.google.protobuf:protobuf-java:3.25.5"`
	`153`	`+ implementation "com.google.protobuf:protobuf-java-util:3.25.6"`
`151`	`154`	`}`
`152`	`155`	`)`
`153`	`156`