From 09e960e6269dd2d3a69f9a7fe13131ec73ae6d33 Mon Sep 17 00:00:00 2001
From: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>
Date: Wed, 19 Jan 2022 10:18:05 -0300
Subject: [PATCH 1/3] Bump due to security issues
Bump the following libs due to a security issue
- `io.netty/netty-codec-http` (CVE-2021-37136, CVE-2021-37137)
- `io.netty/netty-codec` (CVE-2021-43797)
---
 project.clj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/project.clj b/project.clj
index 4a638b37..a8d5eafa 100644
--- a/project.clj
+++ b/project.clj
@@ -33,8 +33,8 @@
 ;; pulled by Aleph v0.4.6 (last stable version)
 [io.netty/netty-transport "4.1.68.Final"]
 [io.netty/netty-transport-native-epoll "4.1.68.Final"]
- [io.netty/netty-codec "4.1.68.Final"]
- [io.netty/netty-codec-http "4.1.68.Final"]
+ [io.netty/netty-codec "4.1.73.Final"]
+ [io.netty/netty-codec-http "4.1.73.Final"]
 [io.netty/netty-handler "4.1.68.Final"]
 [io.netty/netty-handler-proxy "4.1.68.Final"]
 [io.netty/netty-resolver "4.1.68.Final"]
From 03bca747173777ac0ff662ca0a56ccdbdddf3ef9 Mon Sep 17 00:00:00 2001
From: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>
Date: Wed, 19 Jan 2022 10:38:10 -0300
Subject: [PATCH 2/3] Update project.clj
---
 project.clj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/project.clj b/project.clj
index a8d5eafa..30703090 100644
--- a/project.clj
+++ b/project.clj
@@ -34,7 +34,7 @@
 [io.netty/netty-transport "4.1.68.Final"]
 [io.netty/netty-transport-native-epoll "4.1.68.Final"]
 [io.netty/netty-codec "4.1.73.Final"]
- [io.netty/netty-codec-http "4.1.73.Final"]
+ [io.netty/netty-codec-http "4.1.68.Final"]
 [io.netty/netty-handler "4.1.68.Final"]
 [io.netty/netty-handler-proxy "4.1.68.Final"]
 [io.netty/netty-resolver "4.1.68.Final"]
From 44179fda20571581030b92d4ef64b3bf9a9225d0 Mon Sep 17 00:00:00 2001
From: Matheus Bernardes <12648924+mthbernardes@users.noreply.github.com>
Date: Fri, 21 Jan 2022 16:06:18 -0300
Subject: [PATCH 3/3] Update project.clj
---
 project.clj | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/project.clj b/project.clj
index 30703090..4ba42969 100644
--- a/project.clj
+++ b/project.clj
@@ -31,14 +31,14 @@
 ;; Use specific netty version to avoid critical CVE
 ;; pulled by Aleph v0.4.6 (last stable version)
- [io.netty/netty-transport "4.1.68.Final"]
- [io.netty/netty-transport-native-epoll "4.1.68.Final"]
+ [io.netty/netty-transport "4.1.73.Final"]
+ [io.netty/netty-transport-native-epoll "4.1.73.Final"]
 [io.netty/netty-codec "4.1.73.Final"]
- [io.netty/netty-codec-http "4.1.68.Final"]
- [io.netty/netty-handler "4.1.68.Final"]
- [io.netty/netty-handler-proxy "4.1.68.Final"]
- [io.netty/netty-resolver "4.1.68.Final"]
- [io.netty/netty-resolver-dns "4.1.68.Final"]
+ [io.netty/netty-codec-http "4.1.73.Final"]
+ [io.netty/netty-handler "4.1.73.Final"]
+ [io.netty/netty-handler-proxy "4.1.73.Final"]
+ [io.netty/netty-resolver "4.1.73.Final"]
+ [io.netty/netty-resolver-dns "4.1.73.Final"]
 ;; Use specific commons-compress version to avoid
 ;; CVE-2021-36090 pulled by avro 1.9.2
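Review bot: The eight `io.netty/*` pins in this hunk are kept in step by hand, and patches 1/3 and 2/3 of this same series show how that goes wrong: both leave the modules on mixed 4.1.68/4.1.73 versions, and 2/3 puts `netty-codec-http` back on `4.1.68.Final`, the version 1/3 replaced for security reasons. Binding the version once would rule out a partial bump: `(def netty-version "4.1.73.Final")` above `defproject`, then `[io.netty/netty-codec ~netty-version]` for each module. The context comment should also name the advisories the way the commons-compress comment below it does, e.g. `;; netty pinned for CVE-2021-37136, CVE-2021-37137, CVE-2021-43797 (pulled by Aleph v0.4.6)`, so a later maintainer can tell when the override is safe to drop. The module attribution in the 1/3 message looks swapped to me (I recall CVE-2021-43797 as the codec-http header-validation issue and the other two as codec decompression issues), so check it against the Netty advisories before relying on it. The dependency vector starts and ends outside the hunk.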