From 8e68ad2349845ec05837f1ce90ed1ee9b9a253ed Mon Sep 17 00:00:00 2001
From: Sebastian Nohn <sebastian@nohn.net>
Date: Thu, 8 Jul 2021 23:12:53 +0200
Subject: [PATCH 1/2] HHH-14719 bump apache-derby to 10.14.2.0 fixing
 CVE-2015-1832 and CVE-2018-1313

---
 databases/derby/matrix.gradle | 2 +-
 gradle/libraries.gradle       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/databases/derby/matrix.gradle b/databases/derby/matrix.gradle
index bedc6e15fa..6339f7a54e 100644
--- a/databases/derby/matrix.gradle
+++ b/databases/derby/matrix.gradle
@@ -5,7 +5,7 @@
  * See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
  */
 //databaseProfile {
-	jdbcDependency 'org.apache.derby:derby:10.11.1.1'
+	jdbcDependency 'org.apache.derby:derby:10.14.2.0'
 
 //	testing {
 //		beforeSuite {
diff --git a/gradle/libraries.gradle b/gradle/libraries.gradle
index 1af583bc6c..593a3c644a 100644
--- a/gradle/libraries.gradle
+++ b/gradle/libraries.gradle
@@ -127,7 +127,7 @@ ext {
             byteman_bmunit:  "org.jboss.byteman:byteman-bmunit:${bytemanVersion}",
             h2:              "com.h2database:h2:${h2Version}",
             hsqldb:          "org.hsqldb:hsqldb:2.3.2",
-            derby:           "org.apache.derby:derby:10.11.1.1",
+            derby:           "org.apache.derby:derby:10.14.2.0",
             postgresql:      'org.postgresql:postgresql:42.2.16',
             mysql:           'mysql:mysql-connector-java:8.0.17',
             mariadb:         'org.mariadb.jdbc:mariadb-java-client:2.2.3',

From 4e9b96247f90ce97b3597e04e1401474df6e4683 Mon Sep 17 00:00:00 2001
From: Sebastian Nohn <sebastian@nohn.net>
Date: Thu, 8 Jul 2021 11:33:23 +0200
Subject: [PATCH 2/2] HHH-14715: Update maven-core to 3.8.1 fixing
 CVE-201-26291

---
 gradle/libraries.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libraries.gradle b/gradle/libraries.gradle
index 593a3c644a..33d9a7dfdd 100644
--- a/gradle/libraries.gradle
+++ b/gradle/libraries.gradle
@@ -113,7 +113,7 @@ ext {
             java16_signature:   'org.codehaus.mojo.signature:java16:1.0@signature',
 
             //Maven plugin framework
-            maven_core: 'org.apache.maven:maven-core:3.0.5',
+            maven_core: 'org.apache.maven:maven-core:3.8.1',
             maven_artifact: 'org.apache.maven:maven-artifact:3.0.5',
             maven_plugin: 'org.apache.maven:maven-plugin-api:3.0.5',
             maven_plugin_tools: 'org.apache.maven.plugin-tools:maven-plugin-annotations:3.2',