From 0cf5b822c462f0bd7fc43766e7a2d46742f19304 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geir=20Arne=20Waagb=C3=B8?= <79845894+geir-waagboe@users.noreply.github.com>
Date: Mon, 3 Jun 2024 12:44:05 +0200
Subject: [PATCH] Bump dependencies and fix vulnerabilites (#210)
---
 build.gradle.kts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 1cd176d..af91450 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -83,6 +83,14 @@ dependencies {
 }
 // Kafka
 implementation("org.apache.kafka:kafka_2.13:$kafkaVersion", excludeLog4j)
+ constraints {
+ implementation("org.bitbucket.b_c:jose4j") {
+ because("org.bitbucket.b_c:jose4j:0.9.3 -> https://ossindex.sonatype.org/vulnerability/CVE-2023-51775")
+ version {
+ require("$joseVersion")
+ }
+ }
+ }
 implementation("io.confluent:kafka-avro-serializer:$confluentVersion")
 constraints {
 implementation("org.apache.avro:avro") {
@@ -109,7 +117,7 @@ dependencies {
 implementation("org.apache.zookeeper:zookeeper") {
 because("io.confluent:kafka-schema-registry:$confluentVersion -> https://www.cve.org/CVERecord?id=CVE-2023-44981")
 version {
- require("3.7.2")
+ require("3.9.2")
 }
 }
 implementation("com.google.protobuf:protobuf-java") {
@@ -147,7 +155,6 @@ dependencies {
 testImplementation("no.nav:kafka-embedded-env:$kafkaEmbeddedVersion", excludeLog4j)
 testImplementation("com.nimbusds:nimbus-jose-jwt:$nimbusjosejwtVersion")
- testImplementation("org.bitbucket.b_c:jose4j:$joseVersion")
 testImplementation("io.ktor:ktor-server-test-host:$ktorVersion")
 testImplementation("io.ktor:ktor-client-mock:$ktorVersion")
 testImplementation("io.mockk:mockk:$mockkVersion")
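Review bot: The jose4j constraint added after the Kafka `implementation(...)` line only lifts the resolved version if `$joseVersion` is itself a release that fixes CVE-2023-51775, and that property is defined outside this diff; the diffstat's 9 insertions and 2 deletions are all accounted for by the visible hunks, so this commit does not change its value. Running `./gradlew dependencyInsight --dependency jose4j --configuration runtimeClasspath` would show which version actually wins resolution and should be checked before treating the finding as closed. The `because(...)` text names the vulnerable artifact rather than the dependency that pulls it in, unlike the zookeeper entry further down; something like `because("org.apache.kafka:kafka_2.13:$kafkaVersion -> https://ossindex.sonatype.org/vulnerability/CVE-2023-51775")` would be consistent, assuming Kafka is the parent as the placement under `// Kafka` suggests. The `dependencies` block starts and ends outside the hunk.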