From 384e99a98749906fd1ac19d5783ac011ea3d16e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20C=C3=A9sar?= <julio.castro.dev@gmail.com>
Date: Wed, 13 Aug 2025 08:42:47 +0200
Subject: [PATCH] [CHK-12382] Fix transitive dep vulnerability
 io.projectreactor.netty:reactor-netty-http

---
 build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build.gradle b/build.gradle
index cc3c0ec..ede3bee 100644
--- a/build.gradle
+++ b/build.gradle
@@ -78,6 +78,9 @@ subprojects {
             implementation("org.apache.commons:commons-lang3:3.18.0") {
                 because("versions below 3.18.0 have security vulnerabilities including CVE-2025-48924 - see dependabot #15")
             }
+            implementation("io.projectreactor.netty:reactor-netty-http:1.2.8") {
+                because("versions below 1.2.8 have security vulnerabilities including CVE-2025-22227 - see dependabot #16")
+            }
         }
     }