From 05835644f1c9a1da1bc757a459df2d31d8e9aa93 Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 11:49:11 +0100
Subject: [PATCH 1/3] fix: upgrade wiremock to remove vulnerability

WireMock 3.9.1 updates the transitive dependency on jackson to one without https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
---
 build.gradle | 2 +-
 .../org/wiremock/extension/jwt/JwtHelperAcceptanceTest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 6704bb2..ec17d32 100644
--- a/build.gradle
+++ b/build.gradle
@@ -22,7 +22,7 @@ repositories {
 ext {
 versions = [
- wiremock : "3.5.2",
+ wiremock : "3.9.1",
 jwt : '4.4.0',
 jose4j : '0.9.6',
 ]
diff --git a/src/test/java/org/wiremock/extension/jwt/JwtHelperAcceptanceTest.java b/src/test/java/org/wiremock/extension/jwt/JwtHelperAcceptanceTest.java
index 69e2fd2..cc3650b 100644
--- a/src/test/java/org/wiremock/extension/jwt/JwtHelperAcceptanceTest.java
+++ b/src/test/java/org/wiremock/extension/jwt/JwtHelperAcceptanceTest.java
@@ -223,7 +223,7 @@ void returns_JSON_web_key_for_RSA256_public_key() {
 JwkRsaKeyProvider keyProvider = new JwkRsaKeyProvider(
- new ApacheBackedHttpClient(HttpClientFactory.createClient()), wm.baseUrl());
+ new ApacheBackedHttpClient(HttpClientFactory.createClient(), false), wm.baseUrl());
 String body = getForTemplate("{{{jwt alg='RS256'}}}");
 DecodedJWT jwt = JWT.decode(body);
From d5b4601830191dff0201f9d6cee8c6c7fda8661a Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 11:50:14 +0100
Subject: [PATCH 2/3] chore: Upgrade dependencies

com.auth0:auth0 2.10.0 -> 2.12.0
org.apache.commons:commons-lang3 3.14.0 -> 3.17.0
commons-codec:commons-codec 1.16.0 -> 1.17.1
---
 build.gradle | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index ec17d32..97adbcf 100644
--- a/build.gradle
+++ b/build.gradle
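Review bot: The bare `false` added to the `ApacheBackedHttpClient` constructor call in `JwtHelperAcceptanceTest.java` (the changed line of the `@@ -223,7 +223,7 @@` hunk) does not say what it switches off, and the constructor's signature is not visible in this patch. An inline comment naming the parameter would make the intent reviewable, e.g. `new ApacheBackedHttpClient(HttpClientFactory.createClient(), /* <parameter name> */ false), wm.baseUrl());`. The extra argument was presumably forced by the WireMock 3.5.2 -> 3.9.1 bump, which suggests this constructor is not a stable API. Depending on it from the test means a later security-driven WireMock upgrade can break compilation the same way. The enclosing test method starts and ends outside the hunk.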
@@ -56,12 +56,12 @@ ext {
 dependencies {
 api "org.wiremock:wiremock:$versions.wiremock"
- implementation "com.auth0:auth0:2.10.0"
+ implementation "com.auth0:auth0:2.12.0"
 implementation "com.auth0:java-jwt:$versions.jwt"
 implementation "com.auth0:jwks-rsa:0.22.1"
 implementation "org.bitbucket.b_c:jose4j:$versions.jose4j"
- implementation 'org.apache.commons:commons-lang3:3.14.0'
- implementation 'commons-codec:commons-codec:1.16.0'
+ implementation 'org.apache.commons:commons-lang3:3.17.0'
+ implementation 'commons-codec:commons-codec:1.17.1'
 }
 shadowJar {
From 3d0a19b2c198e89465871fc826b4efa0f2c061dd Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 11:51:13 +0100
Subject: [PATCH 3/3] chore: Add .sdkmanrc

For those who use SDKMAN! (https://sdkman.io/)
---
 .sdkmanrc | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .sdkmanrc

diff --git a/.sdkmanrc b/.sdkmanrc
new file mode 100644
index 0000000..7112338
--- /dev/null
+++ b/.sdkmanrc
@@ -0,0 +1,3 @@
+# Enable auto-env through the sdkman_auto_env config
+# Add key=value pairs of SDKs to use below
+java=11.0.18-tem
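Review bot: `java=11.0.18-tem` in the new `.sdkmanrc` pins an exact JDK patch release, so anyone who enables `sdkman_auto_env` stays on that build and misses later 11.x security updates until this file is edited. 11.0.18 appears to predate this commit by more than a year, so a newer Temurin 11 identifier was probably already available. Suggest `java=<current 11.x Temurin identifier>` with a comment above it such as `# Keep on the latest Temurin 11 patch release; bump with each JDK security update`. Whether CI builds with the same JDK is not visible in this patch.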