vuln-fix: Use HTTPS instead of HTTP to resolve dependencies (#953)

This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <[email protected]> Co-authored-by: Moderne <[email protected]>
openmrs · Jul 26, 2022 · 32cd2c1 · 32cd2c1
1 parent e6e95a2
commit 32cd2c1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/openmrs-client/build.gradle b/openmrs-client/build.gradle
@@ -122,7 +122,7 @@ android {
 }
 
 repositories {
-    maven { url 'http://yanzm.github.io/MaterialTabHost/repository' }
+    maven { url 'https://yanzm.github.io/MaterialTabHost/repository' }
     mavenCentral()
     jcenter()
     maven { url "https://oss.sonatype.org/content/repositories/snapshots/" }