From 499201dc717da139c71e296bfb7da7ebd5e339aa Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Mon, 13 Apr 2026 09:59:51 -0700 Subject: [PATCH 1/2] Update tomcat, log4j2, and grpc versions to address CVEs --- gradle.properties | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gradle.properties b/gradle.properties index d17e693829..fbc8e3d822 100644 --- a/gradle.properties +++ b/gradle.properties @@ -100,7 +100,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.5 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=11.0.20 +apacheTomcatVersion=11.0.21 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm @@ -169,7 +169,7 @@ googleProtocolBufVersion=3.25.8 # "java.lang.NoSuchMethodError: 'void com.google.gson.internal.ConstructorConstructor.(java.util.Map)'" errors gsonVersion=2.8.9 -grpcVersion=1.78.0 +grpcVersion=1.80.0 guavaVersion=33.5.0-jre @@ -246,7 +246,7 @@ jxlVersion=2.6.3 kaptchaVersion=2.3 -log4j2Version=2.25.3 +log4j2Version=2.25.4 lombokVersion=1.18.42 From 179b93eb7f7eacc8c76327d3e402321ca7bcae74 Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Mon, 13 Apr 2026 10:37:37 -0700 Subject: [PATCH 2/2] Update ossIndex.url for Sonatype OSS Index migration to Sonatype Guide API --- build.gradle | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 98610dee68..4bb7c7a57e 100644 --- a/build.gradle +++ b/build.gradle @@ -34,7 +34,8 @@ allprojects { if (project.hasProperty('ossIndexUsername') && project.hasProperty('ossIndexPassword')) { analyzers.ossIndex.username = project.property('ossIndexUsername') - analyzers.ossIndex.password = project.property('ossIndexPassword'); + analyzers.ossIndex.password = project.property('ossIndexPassword') + analyzers.ossIndex.url = "https://api.guide.sonatype.com" } else {