From 6e96f2c4d760ccc255cd2a37aad3e70aeb254f4d Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Fri, 25 Aug 2023 11:11:38 -0500
Subject: [PATCH] Provides transitive vulnerable dependency
 maven:org.apache.commons:commons-compress:1.4.1 CVE-2018-11771 5.5 Loop with
 Unreachable Exit Condition ('Infinite Loop') vulnerability pending CVSS
 allocation CVE-2021-35515 7.5 Excessive Iteration vulnerability pending CVSS
 allocation CVE-2021-35516 7.5 Improper Handling of Length Parameter
 Inconsistency vulnerability pending CVSS allocation CVE-2021-35517 7.5
 Improper Handling of Length Parameter Inconsistency vulnerability pending
 CVSS allocation CVE-2021-36090 7.5 Improper Handling of Length Parameter
 Inconsistency vulnerability pending CVSS allocation

---
 pom.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 13144a9f545..6d541951280 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
     <build-support.version>1.5</build-support.version>
     <checkstyle.version>10.6.0</checkstyle.version>
     <commons-codec.version>1.16.0</commons-codec.version>
-    <commons.compress.version>1.23.0</commons.compress.version>
+    <commons-compress.version>1.23.0</commons-compress.version>
     <commons.io.version>2.13.0</commons.io.version>
     <commons-lang3.version>3.13.0</commons-lang3.version>
     <conscrypt.version>2.5.2</conscrypt.version>
@@ -1010,6 +1010,11 @@
         <artifactId>commons-codec</artifactId>
         <version>${commons-codec.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-compress</artifactId>
+        <version>${commons-compress.version}</version>
+      </dependency>
       <dependency>
         <groupId>io.grpc</groupId>
         <artifactId>grpc-core</artifactId>