From ce5570bb0679c4b9be2b4c78a80d5c49cb0b99af Mon Sep 17 00:00:00 2001 From: Frederico Alves Date: Tue, 9 May 2023 10:56:23 +0100 Subject: [PATCH] Address CVE-2023-1370 Bump oauth2-oidc-sdk to 10.7.1 to update json-smart to 2.4.10 --- dependencies/spring-security-dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle index ddeb2314c5..0fec32511b 100644 --- a/dependencies/spring-security-dependencies.gradle +++ b/dependencies/spring-security-dependencies.gradle @@ -20,7 +20,7 @@ dependencies { api "ch.qos.logback:logback-classic:1.2.12" api "com.google.inject:guice:3.0" api "com.nimbusds:nimbus-jose-jwt:9.24.4" - api "com.nimbusds:oauth2-oidc-sdk:9.43.1" + api "com.nimbusds:oauth2-oidc-sdk:10.7.1" api "com.squareup.okhttp3:mockwebserver:3.14.9" api "com.squareup.okhttp3:okhttp:3.14.9" api "com.unboundid:unboundid-ldapsdk:4.0.14"