From 2f3d18c688af6f29141dda0bca6d5b2e09f1aef2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Knop?=
Date: Fri, 18 Aug 2023 07:32:53 +0200
Subject: [PATCH 1/2] Update logback to 1.3.11 (and log4jOverSlf4j to 2.0.7) To avoid vulnerable transitive dependency maven:ch.qos.logback:logback-core:1.2.3 (CVE-2021-42550)
---
 buildSrc/src/main/kotlin/Deps.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildSrc/src/main/kotlin/Deps.kt b/buildSrc/src/main/kotlin/Deps.kt
index 9a13cc3d..c4d36141 100644
--- a/buildSrc/src/main/kotlin/Deps.kt
+++ b/buildSrc/src/main/kotlin/Deps.kt
@@ -8,8 +8,8 @@ object Versions {
 const val htmlUnit = "2.63.0"
 const val testContainers = "1.16.2"
 const val wireMock = "2.28.0"
- const val log4jOverSlf4j = "1.7.36"
- const val logback = "1.2.7"
+ const val log4jOverSlf4j = "2.0.7"
+ const val logback = "1.3.11"
 const val strikt = "0.33.0"
 const val mockk = "1.12.1"
 const val jUnit = "5.8.2"
From fc3d22682fc2d3342945f10148555cf5f732b924 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Knop?=
Date: Fri, 18 Aug 2023 07:39:40 +0200
Subject: [PATCH 2/2] Remove duplicate, unnecessary redeclaration
---
 fetcher/browser-fetcher/build.gradle.kts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/fetcher/browser-fetcher/build.gradle.kts b/fetcher/browser-fetcher/build.gradle.kts
index 2bafdcc9..24e5ba34 100644
--- a/fetcher/browser-fetcher/build.gradle.kts
+++ b/fetcher/browser-fetcher/build.gradle.kts
@@ -8,10 +8,8 @@ dependencies {
 api(Deps.htmlUnit) {
 exclude("org.eclipse.jetty.websocket") // avoid android crash; see #93
 }
- val log4jOverSlf4jVersion = "2.0.3"
- val logbackVersion = "1.3.3"
- api("ch.qos.logback:logback-classic:$logbackVersion")
- api("org.slf4j:log4j-over-slf4j:$log4jOverSlf4jVersion")
+ api(Deps.logback)
+ api(Deps.log4jOverSlf4j)
 testImplementation(projects.testUtils)
 }
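Review bot: In the `build.gradle.kts` hunk, `api(Deps.logback)` replaces the explicit `ch.qos.logback:logback-classic` coordinates, but the definition of `Deps.logback` is not part of this series, so confirm it still resolves to `logback-classic` and not another logback artifact. If `Deps` builds on `Versions` (presumably, not shown), this is also an effective version change for this module (logback 1.3.3 to 1.3.11, log4j-over-slf4j 2.0.3 to 2.0.7) rather than a pure de-duplication, which the commit message should say. Since patch 1/2 aims to evict the transitive `logback-core:1.2.3` (CVE-2021-42550), check the resolved graph with Gradle's `dependencyInsight --dependency logback-core` for each published module, because modules that do not declare `Deps.logback` themselves can still resolve the old transitive version. A short comment above the two lines would stop local pins from creeping back in, e.g. `// versions come from Versions.* (CVE-2021-42550); do not redeclare them per module`. The `dependencies { … }` block starts outside the hunk.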