Resolve more vulns in transitive dependencies

chadlwilson · chadlwilson · commit 213a0831c01a · 2025-07-25T13:46:52.000+08:00
diff --git a/.github/workflows/test_and_build.yml b/.github/workflows/test_and_build.yml
@@ -36,7 +36,7 @@ jobs:
         run: ./gradlew assemble check
       - name: Generate and submit dependency graph
         uses: gradle/actions/dependency-submission@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
-        if: github.ref == 'refs/heads/master' && matrix.docker-version == 'v25.0.5'
+        if: github.ref == 'refs/heads/master'
         env:
           DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath
   previewGithubRelease:
diff --git a/build.gradle b/build.gradle
@@ -89,6 +89,9 @@ dependencies {
     implementation('org.apache.commons:commons-compress:1.27.1') {
       because 'spotify docker-client uses an outdated version'
     }
+    implementation('org.apache.commons:commons-lang3:3.19.0') {
+      because 'spotify docker-client uses an outdated version'
+    }
     implementation('org.apache.httpcomponents:httpclient:4.5.14') {
       because 'spotify docker-client uses an outdated version'
     }

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,9 @@ dependencies {`
`89`	`89`	`implementation('org.apache.commons:commons-compress:1.27.1') {`
`90`	`90`	`because 'spotify docker-client uses an outdated version'`
`91`	`91`	`}`
	`92`	`+ implementation('org.apache.commons:commons-lang3:3.19.0') {`
	`93`	`+ because 'spotify docker-client uses an outdated version'`
	`94`	`+ }`
`92`	`95`	`implementation('org.apache.httpcomponents:httpclient:4.5.14') {`
`93`	`96`	`because 'spotify docker-client uses an outdated version'`
`94`	`97`	`}`