From 6772b51748897be533daaf6980b3ed2cd4ff2757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Le=C3=B3n=20Keurogli=C3=A1n?=
Date: Sun, 27 Oct 2024 15:37:04 -0300
Subject: [PATCH] Updating Dependencies Updated tink from 1.14.1 to 1.15.0 Updated protobuf-java from 3.25.3 to 3.25.5 (transitive dependency from tink, vulnerable in current version of tink) Addressed CVE: CVE-2024-7254
---
 build.gradle.kts | 3 +++
 settings.gradle.kts | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 7ed995a3b3..ac3896ab4d 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -149,6 +149,9 @@ dependencies {
 //Audio crypto libraries
 implementation(libs.tink)
+ implementation(libs.protobuf.java) {
+ because("Overrides transitive dependency from tink to address CVE-2024-7254.")
+ }
 //Sets the dependencies for the examples
 configurations["examplesImplementation"].withDependencies {
diff --git a/settings.gradle.kts b/settings.gradle.kts
index 471ca78ee1..89ead48ad3 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -23,8 +23,9 @@ dependencyResolutionManagement {
 library("mockito", "org.mockito", "mockito-core" ).version("5.11.0")
 library("reflections", "org.reflections", "reflections" ).version("0.10.2")
 library("slf4j", "org.slf4j", "slf4j-api" ).version("2.0.13")
- library("tink", "com.google.crypto.tink", "tink" ).version("1.14.1")
+ library("tink", "com.google.crypto.tink", "tink" ).version("1.15.0")
 library("archunit", "com.tngtech.archunit", "archunit" ).version("1.3.0")
+ library("protobuf-java", "com.google.protobuf", "protobuf-java" ).version("3.25.5")
 }
 }
 }
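Review bot: In the build.gradle.kts hunk, `implementation(libs.protobuf.java)` makes protobuf-java a direct dependency of the project only to raise a transitive version, so it would stay on the classpath even if a later tink release stopped pulling it in. A dependency constraint states the intent more precisely and takes effect only while something actually brings protobuf-java in: `constraints { implementation(libs.protobuf.java) { because("Overrides transitive dependency from tink to address CVE-2024-7254.") } }`. Either form relies on Gradle resolving to the highest requested version, so it is worth confirming with `gradle dependencyInsight --dependency protobuf-java --configuration runtimeClasspath` that 3.25.5 is the version selected, and checking whether other configurations that receive tink (possibly the examples configuration in the trailing context lines) need the same pin. The enclosing `dependencies` block starts and ends outside the hunk.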