From 26d144b3243e4074beadb1155a8d383e79cf56ce Mon Sep 17 00:00:00 2001
From: bbimber <bbimber@gmail.com>
Date: Thu, 21 Aug 2025 07:29:44 -0700
Subject: [PATCH] Address CVE-2024-7254

---
 SequenceAnalysis/build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/SequenceAnalysis/build.gradle b/SequenceAnalysis/build.gradle
index 6b12148b1..ad4430c25 100644
--- a/SequenceAnalysis/build.gradle
+++ b/SequenceAnalysis/build.gradle
@@ -148,6 +148,9 @@ dependencies {
                 exclude group: "org.apache.commons", module: "commons-collections4"
                 // NOTE: this is a dependency of picard->google-cloud-storage. there is a vunerability in 1.6.8 that does not seem fixed as of 1.6.9
                 exclude group: "org.threeten", module: "threetenbp"
+                // https://nvd.nist.gov/vuln/detail/CVE-2024-7254
+                implementation "com.google.protobuf:protobuf-java:3.25.5"
+                implementation "com.google.protobuf:protobuf-java-util:3.25.6"
             }
     )