Merge pull request #440 from okta/vulns_update

Update vuln libs

.github/workflows/okta-react-native.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Execute snyk.sh
         run: bash ./scripts/snyk.sh
     iOSUnitTests:
-      runs-on: macos-12
+      runs-on: macos-15
       steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -53,7 +53,7 @@ jobs:
           xcodebuild \
           -workspace ios/ReactNativeOktaSdkBridge.xcworkspace \
           -scheme "ReactNativeOktaSdkBridge" \
-          -destination "platform=iOS Simulator,OS=latest,name=iPhone 14" \
+          -destination "platform=iOS Simulator,OS=latest,name=iPhone 16" \
           clean test | xcpretty
     # iOSUITests:
     #   runs-on: macos-12

CHANGELOG.md

@@ -1,4 +1,7 @@
-# 2.14.0
+# 2.16.0
+- Fix vulnerabilities and remove jsonpath-plus. Thanks to [vero1024](https://github.com/vero1024) for contribution in this release!
+
+# 2.15.0
 
 ### Bug Fix
 - [#437](https://github.com/okta/okta-react-native/pull/437) Update OktaOidc to 3.11.7 to fix xcprivacy compile errors on iOS

android/build.gradle

@@ -13,6 +13,9 @@ import groovy.json.JsonSlurper
  */
 
 buildscript {
+    apply from: 'forceVersions.gradle'
+    forceVersions(configurations)
+
     repositories {
         google()
         mavenCentral()
@@ -56,6 +59,8 @@ android {
 }
 
 allprojects {
+    forceVersions(configurations)
+
     repositories {
         mavenCentral()
         google()
@@ -66,7 +71,7 @@ allprojects {
 dependencies {
     implementation "com.facebook.react:react-android:+"
     implementation 'com.okta.android:okta-oidc-android:1.3.4'
-    implementation 'com.squareup.okhttp3:okhttp:4.11.0'
+    implementation 'com.squareup.okhttp3:okhttp:4.12.0'
     implementation 'com.squareup.okio:okio:3.5.0'
     implementation 'com.squareup.okio:okio-jvm:3.5.0'
 }

android/forceVersions.gradle

@@ -0,0 +1,11 @@
+def forceVersions(ConfigurationContainer configurations) {
+    configurations.configureEach { configuration ->
+        configuration.resolutionStrategy {
+            force 'org.bouncycastle:bcprov-jdk18on:1.78.1'
+            force 'io.netty:netty-handler:4.1.108.Final'
+            force 'io.netty:netty-codec-http:4.1.108.Final'
+        }
+    }
+}
+
+ext.forceVersions = this.&forceVersions

e2e/android/forceVersions.gradle

@@ -10,11 +10,13 @@ def forceVersions(ConfigurationContainer configurations) {
             force 'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.9.22'
             force 'org.bouncycastle:bcutil-jdk15to18:1.78.1'
             force 'org.bouncycastle:bcprov-jdk15to18:1.78.1'
+            force 'org.bouncycastle:bcprov-jdk18on:1.78.1'
             force 'org.robolectric:robolectric:4.12.2'
             force 'junit:junit:4.13.2'
             force 'commons-io:commons-io:2.15.1'
             force 'commons-codec:commons-codec:1.17.0'
-            force 'io.netty:netty-common:4.1.93.Final'
+            force 'io.netty:netty-handler:4.1.108.Final'
+            force 'io.netty:netty-codec-http:4.1.108.Final'
         }
     }
 }

e2e/ios/E2EOktaReactNative.xcodeproj/project.pbxproj

@@ -385,6 +385,7 @@
 				"${PODS_CONFIGURATION_BUILD_DIR}/EXConstants/ExpoConstants_privacy.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/EXUpdates/EXUpdates.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/ExpoFileSystem/ExpoFileSystem_privacy.bundle",
+				"${PODS_CONFIGURATION_BUILD_DIR}/OktaOidc/OktaOidc.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/ReachabilitySwift/ReachabilitySwift.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/React-Core/RCTI18nStrings.bundle",
 			);
@@ -394,6 +395,7 @@
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/ExpoConstants_privacy.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/EXUpdates.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/ExpoFileSystem_privacy.bundle",
+				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/OktaOidc.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/ReachabilitySwift.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/RCTI18nStrings.bundle",
 			);

e2e/ios/Podfile.lock

@@ -8,17 +8,17 @@ PODS:
   - EXJSONUtils (0.13.1)
   - EXManifests (0.14.3):
     - ExpoModulesCore
-  - Expo (51.0.9):
+  - Expo (51.0.39):
     - ExpoModulesCore
-  - ExpoAsset (10.0.6):
+  - ExpoAsset (10.0.10):
     - ExpoModulesCore
   - ExpoFileSystem (17.0.1):
     - ExpoModulesCore
-  - ExpoFont (12.0.6):
+  - ExpoFont (12.0.10):
     - ExpoModulesCore
   - ExpoKeepAwake (13.0.2):
     - ExpoModulesCore
-  - ExpoModulesCore (1.12.12):
+  - ExpoModulesCore (1.12.26):
     - DoubleConversion
     - glog
     - hermes-engine
@@ -41,7 +41,7 @@ PODS:
     - ReactCommon/turbomodule/bridging
     - ReactCommon/turbomodule/core
     - Yoga
-  - EXSplashScreen (0.27.4):
+  - EXSplashScreen (0.27.7):
     - DoubleConversion
     - ExpoModulesCore
     - glog
@@ -64,7 +64,7 @@ PODS:
     - ReactCommon/turbomodule/core
     - Yoga
   - EXStructuredHeaders (3.8.0)
-  - EXUpdates (0.25.15):
+  - EXUpdates (0.25.27):
     - DoubleConversion
     - EASClient
     - EXManifests
@@ -100,14 +100,14 @@ PODS:
   - hermes-engine (0.74.1):
     - hermes-engine/Pre-built (= 0.74.1)
   - hermes-engine/Pre-built (0.74.1)
-  - OktaOidc (3.11.2):
-    - OktaOidc/AppAuth (= 3.11.2)
-    - OktaOidc/Okta (= 3.11.2)
-  - OktaOidc/AppAuth (3.11.2)
-  - OktaOidc/Okta (3.11.2):
+  - OktaOidc (3.11.7):
+    - OktaOidc/AppAuth (= 3.11.7)
+    - OktaOidc/Okta (= 3.11.7)
+  - OktaOidc/AppAuth (3.11.7)
+  - OktaOidc/Okta (3.11.7):
     - OktaOidc/AppAuth
-  - OktaSdkBridgeReactNative (2.13.0):
-    - OktaOidc (= 3.11.2)
+  - OktaSdkBridgeReactNative (2.16.0):
+    - OktaOidc (= 3.11.7)
     - React
   - RCT-Folly (2024.01.01.00):
     - boost
@@ -1290,7 +1290,73 @@ PODS:
     - ReactCommon/turbomodule/bridging
     - ReactCommon/turbomodule/core
     - Yoga
-  - RNReanimated (3.11.0):
+  - RNReanimated (3.16.5):
+    - DoubleConversion
+    - glog
+    - hermes-engine
+    - RCT-Folly (= 2024.01.01.00)
+    - RCTRequired
+    - RCTTypeSafety
+    - React-Codegen
+    - React-Core
+    - React-debug
+    - React-Fabric
+    - React-featureflags
+    - React-graphics
+    - React-ImageManager
+    - React-NativeModulesApple
+    - React-RCTFabric
+    - React-rendererdebug
+    - React-utils
+    - ReactCommon/turbomodule/bridging
+    - ReactCommon/turbomodule/core
+    - RNReanimated/reanimated (= 3.16.5)
+    - RNReanimated/worklets (= 3.16.5)
+    - Yoga
+  - RNReanimated/reanimated (3.16.5):
+    - DoubleConversion
+    - glog
+    - hermes-engine
+    - RCT-Folly (= 2024.01.01.00)
+    - RCTRequired
+    - RCTTypeSafety
+    - React-Codegen
+    - React-Core
+    - React-debug
+    - React-Fabric
+    - React-featureflags
+    - React-graphics
+    - React-ImageManager
+    - React-NativeModulesApple
+    - React-RCTFabric
+    - React-rendererdebug
+    - React-utils
+    - ReactCommon/turbomodule/bridging
+    - ReactCommon/turbomodule/core
+    - RNReanimated/reanimated/apple (= 3.16.5)
+    - Yoga
+  - RNReanimated/reanimated/apple (3.16.5):
+    - DoubleConversion
+    - glog
+    - hermes-engine
+    - RCT-Folly (= 2024.01.01.00)
+    - RCTRequired
+    - RCTTypeSafety
+    - React-Codegen
+    - React-Core
+    - React-debug
+    - React-Fabric
+    - React-featureflags
+    - React-graphics
+    - React-ImageManager
+    - React-NativeModulesApple
+    - React-RCTFabric
+    - React-rendererdebug
+    - React-utils
+    - ReactCommon/turbomodule/bridging
+    - ReactCommon/turbomodule/core
+    - Yoga
+  - RNReanimated/worklets (3.16.5):
     - DoubleConversion
     - glog
     - hermes-engine
@@ -1579,22 +1645,22 @@ SPEC CHECKSUMS:
   EXConstants: 409690fbfd5afea964e5e9d6c4eb2c2b59222c59
   EXJSONUtils: 30c17fd9cc364d722c0946a550dfbf1be92ef6a4
   EXManifests: c1fab4c3237675e7b0299ea8df0bcb14baca4f42
-  Expo: 6381470c669c3f31c8ac0ebd8e88686f925146ad
-  ExpoAsset: 9b7433ecc5f1b608ccbb823492e062bde944abd2
+  Expo: 8c995afb875c15bf8439af0b20bcb9ed8f90d0bd
+  ExpoAsset: 323700f291684f110fb55f0d4022a3362ea9f875
   ExpoFileSystem: 80bfe850b1f9922c16905822ecbf97acd711dc51
-  ExpoFont: c84702079267ae51161c20bb8b925670907ffa2f
+  ExpoFont: 00756e6c796d8f7ee8d211e29c8b619e75cbf238
   ExpoKeepAwake: 3b8815d9dd1d419ee474df004021c69fdd316d08
-  ExpoModulesCore: 828d63de45d4fbacabe2963fc406a8e9daeed992
-  EXSplashScreen: d439ca817211886dc80a00f3761e3b6d861d7205
+  ExpoModulesCore: 831ece8311a489418746925820bbffdda587d6f4
+  EXSplashScreen: 3cad09949c2ca6730cbb2801b8c51cb87692425a
   EXStructuredHeaders: cb8d1f698e144f4c5547b4c4963e1552f5d2b457
-  EXUpdates: e2fb1affdc20bb2c30961de109aafed6f2f2f036
+  EXUpdates: a1c1a6fd9f36b8cd91033e639640522e54706994
   EXUpdatesInterface: 996527fd7d1a5d271eb523258d603f8f92038f24
   FBLazyVector: 898d14d17bf19e2435cafd9ea2a1033efe445709
   fmt: 4c2741a687cc09f0634a2e2c72a838b99f1ff120
   glog: c5d68082e772fa1c511173d6b30a9de2c05a69a2
   hermes-engine: 16b8530de1b383cdada1476cf52d1b52f0692cbc
-  OktaOidc: 15fb3d494103d4f07ba8a523b3347d02c4d30486
-  OktaSdkBridgeReactNative: cd707ae26ce44751a2e9066a3624a1d7a8028078
+  OktaOidc: 2e6ddf3b1658766bfe1f2b19ef853df1504ae0e5
+  OktaSdkBridgeReactNative: e9aa8b1d028e91e65b44206ca4bff6fa2a3d2996
   RCT-Folly: 02617c592a293bd6d418e0a88ff4ee1f88329b47
   RCTDeprecation: efb313d8126259e9294dc4ee0002f44a6f676aba
   RCTRequired: f49ea29cece52aee20db633ae7edc4b271435562
@@ -1645,12 +1711,12 @@ SPEC CHECKSUMS:
   React-utils: 3285151c9d1e3a28a9586571fc81d521678c196d
   ReactCommon: f42444e384d82ab89184aed5d6f3142748b54768
   RNGestureHandler: 2282cfbcf86c360d29f44ace393203afd5c6cff7
-  RNReanimated: 7ad0f08a845cb60955ee5d461d2156d7b9707118
+  RNReanimated: 7a45b1342a8a48c226dba944c214ba785a4e0f86
   RNScreens: b32a9ff15bea7fcdbe5dff6477bc503f792b1208
   SocketRocket: abac6f5de4d4d62d24e11868d7a2f427e0ef940d
   sqlite3: 02d1f07eaaa01f80a1c16b4b31dfcbb3345ee01a
   Yoga: 348f8b538c3ed4423eb58a8e5730feec50bce372
 
 PODFILE CHECKSUM: c9e35063c1d7126de489c6fa9b112b096c36d9ad
 
-COCOAPODS: 1.15.2
+COCOAPODS: 1.16.2