From 742c19d616401ab4ef61bb8f225c71744c4a506a Mon Sep 17 00:00:00 2001
From: Lee Read <lee@dlread.com>
Date: Mon, 26 Feb 2024 13:08:53 -0500
Subject: [PATCH] [Fix #13] Bump Apache Commons Compress to address CVEs (#14)

- Bump Apache Commons Compress to address CVEs
- Bump `org.tukaani/xz` dep to match version referenced by bumped
  version of Apache Commons Compress.

Closes #13
---
 project.clj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/project.clj b/project.clj
index 2a08144..bedb5d7 100644
--- a/project.clj
+++ b/project.clj
@@ -9,11 +9,11 @@
                                     :sign-releases true}]]
 
   :dependencies [[org.clojure/clojure "1.9.0" :scope "provided"]
-                 [org.apache.commons/commons-compress "1.21"]
+                 [org.apache.commons/commons-compress "1.26.0"]
                  ;; this lib is marked as optional in
                  ;; commons-compress, so we need to import it
                  ;; explicitly
-                 [org.tukaani/xz "1.8"]]
+                 [org.tukaani/xz "1.9"]]
   :plugins [[lein-midje "3.1.3"]
             [codox "0.8.10"]
             [lein-ancient "0.6.15"]]