Merge pull request #111 from ie3-institute/ck/#110-hotFixInformationVulnerability

fix dependency vulnerability - CVE-2020-15250 - Temporary folder vulnerability - GHSA-269g-pwp5-87pp

Author: johanneshiry

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased/Snapshot]
 
+## [1.5.3]
+### Fixed
+-   Adding dependency constraint to avoid transitive dependencies introducing information vulnerability [CVE-2020-15250 - Temporary folder vulnerability](https://github.com/advisories/GHSA-269g-pwp5-87pp)
+
 ## [1.5.2]
 ### Changed
 -   Use Maven Central as repository for dependencies
@@ -68,7 +72,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 -   fixes + extensions in StandardUnits
 
-[Unreleased/Snapshot]: https://github.com/ie3-institute/powersystemutils/compare/v1.5.2...HEAD
+[Unreleased/Snapshot]: https://github.com/ie3-institute/powersystemutils/compare/v1.5.3...HEAD
+[1.5.3]: https://github.com/ie3-institute/powersystemutils/compare/v1.5.2...v1.5.3
 [1.5.2]: https://github.com/ie3-institute/powersystemutils/compare/v1.4...v1.5.2
 [1.5.1]: https://github.com/ie3-institute/powersystemutils/compare/v1.4...v1.5.1
 [1.5]: https://github.com/ie3-institute/powersystemutils/compare/v1.4...v1.5

build.gradle

@@ -20,7 +20,7 @@ ext {
 }
 
 group = 'com.github.ie3-institute'
-version = '1.6-SNAPSHOT'
+version = '1.5.3'
 description = 'PowerSystemUtils'
 sourceCompatibility = javaVersion
 targetCompatibility = javaVersion
@@ -42,6 +42,12 @@ repositories {
 }
 
 dependencies {
+	constraints {
+		implementation( 'junit:junit:4.13.2+' ){
+			because "CVE-2020-15250 - Temporary folder vulnerability - https://github.com/advisories/GHSA-269g-pwp5-87pp"
+		}
+	}
+
 	// logging
 	compile "org.slf4j:slf4j-api:$slf4jVersion"  // slf4j wrapper
 	compile 'com.lmax:disruptor:3.4.4' // async logging