vuln-fix: Use HTTPS instead of HTTP to resolve dependencies

This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <[email protected]>
BulkSecurityGeneratorProjectV2 · Oct 3, 2022 · 29eb4ea · 29eb4ea
1 parent eb23783
commit 29eb4ea
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ buildscript {
         google()
         jcenter()
         maven { url "https://jitpack.io" }
-        maven { url 'http://repository.adincube.com/maven' }
+        maven { url 'https://repository.adincube.com/maven' }
         maven { url "https://plugins.gradle.org/m2/" }
 
     }
@@ -27,7 +27,7 @@ allprojects {
         google()
         jcenter()
         maven { url "https://jitpack.io" }
-        maven { url 'http://repository.adincube.com/maven' }
+        maven { url 'https://repository.adincube.com/maven' }
     }
 }