From 42c44603fc5b0ea8be6852fab2e8dc70e2a70881 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 03:23:20 +0000
Subject: [PATCH] fix(deps): Bump dnsjava:dnsjava from 3.5.3 to 3.6.0 (#231)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [dnsjava:dnsjava](https://github.com/dnsjava/dnsjava) from 3.5.3 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dnsjava/dnsjava/releases">dnsjava:dnsjava's releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<ul>
<li>Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (<a href="https://github.com/bellebaum"><code>@​bellebaum</code></a>) and Martin Schanzenbach (<a href="https://github.com/schanzen"><code>@​schanzen</code></a>) for reporting and assisting me with this issue.</li>
<li>Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)</li>
<li>Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)</li>
<li>Fix running all DNSSEC on the specified executor</li>
<li>Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12</li>
<li>Add A/AAAA record constructor with IP address byte array</li>
<li>Validate DS record digest lengths (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/250">#250</a>)</li>
<li>Fix NPE in SimpleResolver on invalid responses (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/277">#277</a>)</li>
<li>Add support for JEP 418: Internet-Address Resolution SPI (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/290">#290</a>)</li>
<li>Full JPMS support (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/246">#246</a>)</li>
<li>Pluggable I/O for SimpleResolver
(<a href="https://github.com/chrisruffalo"><code>@​chrisruffalo</code></a>, <a href="https://redirect.github.com/dnsjava/dnsjava/issues/253">#253</a>)</li>
<li>UDP port leak in SimpleResolver (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/318">#318</a>)</li>
<li>Fix clean shutdown in app containers when never used (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/319">#319</a>)</li>
<li>Fix concurrency issue in I/O clients (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/315">#315</a>, <a href="https://redirect.github.com/dnsjava/dnsjava/issues/323">#323</a>)</li>
<li>LookupSession doesn't cache CNAMEs (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/316">#316</a>)</li>
<li>SimpleResolver can fail with UPDATE response (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/322">#322</a>)</li>
<li>Replace synchronization in Zone with locks
(<a href="https://redirect.github.com/dnsjava/dnsjava/issues/305">#305</a>, based on work from <a href="https://github.com/srijeet0406"><code>@​srijeet0406</code></a> in <a href="https://redirect.github.com/dnsjava/dnsjava/issues/306">#306</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dnsjava/dnsjava/blob/master/Changelog">dnsjava:dnsjava's changelog</a>.</em></p>
<blockquote>
<p>07/21/2024</p>
<ul>
<li>3.6.0 released</li>
<li>Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw)
Lookup and LookupSession do not sanitize input properly,
allowing to smuggle additional responses, even with DNSSEC.
I would like to thank Thomas Bellebaum from Fraunhofer AISEC
(<a href="https://github.com/bellebaum"><code>@​bellebaum</code></a>) and Martin Schanzenbach (<a href="https://github.com/schanzen"><code>@​schanzen</code></a>) for reporting
and assisting me with this issue.</li>
<li>Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf)
Denial-of-Service Algorithmic Complexity Attacks (KeyTrap)</li>
<li>Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr)
NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap)</li>
<li>Fix running all DNSSEC on the specified executor</li>
<li>Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12</li>
<li>Add A/AAAA record constructor with IP address byte array</li>
<li>Validate DS record digest lengths (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/250">#250</a>)</li>
<li>Fix NPE in SimpleResolver on invalid responses (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/277">#277</a>)</li>
<li>Add support for JEP 418: Internet-Address Resolution SPI (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/290">#290</a>)</li>
<li>Full JPMS support (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/246">#246</a>)</li>
<li>Pluggable I/O for SimpleResolver
(<a href="https://github.com/chrisruffalo"><code>@​chrisruffalo</code></a>, <a href="https://redirect.github.com/dnsjava/dnsjava/issues/253">#253</a>)</li>
<li>UDP port leak in SimpleResolver (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/318">#318</a>)</li>
<li>Fix clean shutdown in app containers when never used (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/319">#319</a>)</li>
<li>Fix concurrency issue in I/O clients (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/315">#315</a>, <a href="https://redirect.github.com/dnsjava/dnsjava/issues/323">#323</a>)</li>
<li>LookupSession doesn't cache CNAMEs (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/316">#316</a>)</li>
<li>SimpleResolver can fail with UPDATE response (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/322">#322</a>)</li>
<li>Replace synchronization in Zone with locks
(<a href="https://redirect.github.com/dnsjava/dnsjava/issues/305">#305</a>, based on work from <a href="https://github.com/srijeet0406"><code>@​srijeet0406</code></a> in <a href="https://redirect.github.com/dnsjava/dnsjava/issues/306">#306</a>)</li>
</ul>
<p>11/11/2023</p>
<ul>
<li>3.5.3 released</li>
<li>Fix CNAME in LookupSession (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/279">#279</a>)</li>
<li>Fix Name constructor failing with max length, relative name
and root origin (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/289">#289</a>, <a href="https://github.com/MMauro94"><code>@​MMauro94</code></a>)</li>
<li>Add config option for Resolver I/O timeout (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/273">#273</a>, <a href="https://github.com/vmarian2"><code>@​vmarian2</code></a>)</li>
<li>Extend I/O logging</li>
<li>Prevent exception during TCP I/O with missing or truncated
length prefix</li>
<li>Use internal base64 codec for Android compatibility (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/271">#271</a>)</li>
<li>Fix multi-message TSIG stream verification for pre-RFC8945
servers (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/295">#295</a>, <a href="https://github.com/frankarinnet"><code>@​frankarinnet</code></a> and <a href="https://github.com/nguichon"><code>@​nguichon</code></a>)</li>
<li>Add StreamGenerator for generating RFC8945 compliant
multi-message streams (related to <a href="https://redirect.github.com/dnsjava/dnsjava/issues/295">#295</a>)</li>
</ul>
<p>11/16/2022</p>
<ul>
<li>3.5.2 released</li>
<li>Correctly render empty TXT records (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/254">#254</a>)</li>
<li>More validation on TLSA data input (<a href="https://redirect.github.com/dnsjava/dnsjava/issues/257">#257</a>)</li>
</ul>
<p>05/15/2022</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/dnsjava/dnsjava/commit/fd1d7c9280986ebb219c421695a902559aaeda22"><code>fd1d7c9</code></a> Release v3.6.0</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/9fbab85a42ac576d5455f388870c06aad991cf75"><code>9fbab85</code></a> Artifact v4 fixes</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d"><code>bc51df1</code></a> Fix links to RFCs and IANA registries</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/5b01f5d0f500bb0f3fed472693b884243898b971"><code>5b01f5d</code></a> Update dependencies</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/2f9b45ba6dd60e7b65ac29c81aa765b152029c8f"><code>2f9b45b</code></a> Replace synchronization in Zone with locks</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/e206796c91d54dc1a5993d71ef74ec89eebc4184"><code>e206796</code></a> Add AAAARecord ctor with byte[]</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/a24a6bf4ee6a546dcfefeb869b0675206c563952"><code>a24a6bf</code></a> DDNS response messages do not include the question</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/36ba71156f86fd610771c33df17ecaea1f2f4924"><code>36ba711</code></a> Prevent exceptions during concurrent selector runs</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/b842550e6c3046cdbd7969ac6ddf99af9ccdc637"><code>b842550</code></a> Remove junit-pioneer due to lack of Java 8 support</li>
<li><a href="https://github.com/dnsjava/dnsjava/commit/711af79be3214f52daa5c846b95766dc0a075116"><code>711af79</code></a> CVE-2023-50868 / KeyTrap: NSEC3 closest encloser proof can exhaust CPU</li>
<li>Additional commits viewable in <a href="https://github.com/dnsjava/dnsjava/compare/v3.5.3...v3.6.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dnsjava:dnsjava&package-manager=gradle&previous-version=3.5.3&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index b4d3287..edd8e09 100644
--- a/build.gradle
+++ b/build.gradle
@@ -48,7 +48,7 @@ dependencies {
 
   implementation("io.ktor:ktor-client-okhttp:$ktorVersion")
   implementation("com.squareup.okhttp3:okhttp:$okhttpVersion")
-  implementation("dnsjava:dnsjava:3.5.3")
+  implementation("dnsjava:dnsjava:3.6.0")
 
   testImplementation("org.jetbrains.kotlin:kotlin-test")
   testImplementation("org.junit.jupiter:junit-jupiter:$junit5Version")