Merge branch 'cve-fix' into 'master'

fix: nimbus and commons-io cve See merge request !503

Merge branch 'cve-fix' into 'master'
d11e04e4 · Derek Zhang · 3fb2ecaf · 6b33011d · d11e04e4 · d11e04e4
Commit d11e04e4 authored 4 months ago by Derek Zhang
--- a/NOTICE
+++ b/NOTICE
@@ -307,7 +307,6 @@ BSD-2-Clause
 The following software have components provided under the terms of this license:

 - Apache Log4j Core (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core)
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
 - Hamcrest Core (from http://hamcrest.org/, http://hamcrest.org/JavaHamcrest/, https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - Jodd Util (from https://util.jodd.org)
@@ -454,6 +453,7 @@ The following software have components provided under the terms of this license:
 - JUnit Platform Engine API (from http://junit.org/junit5/, https://junit.org/junit5/)
 - Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
+- Jakarta Dependency Injection (from https://github.com/eclipse-ee4j/injection-api)
 - Jakarta Expression Language API (from https://projects.eclipse.org/projects/ee4j.el)
 - Jakarta Messaging API (from https://projects.eclipse.org/projects/ee4j.jms)
 - Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api, https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
@@ -482,6 +482,7 @@ The following software have components provided under the terms of this license:
 - Jackson-core (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-core)
 - Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
+- Jakarta Dependency Injection (from https://github.com/eclipse-ee4j/injection-api)
 - Jakarta Expression Language API (from https://projects.eclipse.org/projects/ee4j.el)
 - Jakarta Messaging API (from https://projects.eclipse.org/projects/ee4j.jms)
 - Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api, https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
@@ -502,7 +503,6 @@ ISC
 ========================================================================
 The following software have components provided under the terms of this license:

- Java Native Access Platform (from https://github.com/java-native-access/jna)
 - Spring Security - Core (from http://spring.io/spring-security, https://repo1.maven.org/maven2/org/springframework/security/spring-security-core, https://spring.io/projects/spring-security, https://spring.io/spring-security)

 ========================================================================
@@ -524,6 +524,7 @@ LGPL-2.1-or-later
 The following software have components provided under the terms of this license:

 - Java Native Access (from https://github.com/java-native-access/jna, https://github.com/twall/jna)
+- Java Native Access Platform (from https://github.com/java-native-access/jna)
 - Javassist (from http://www.javassist.org/, https://www.javassist.org/)

 ========================================================================
@@ -651,7 +652,6 @@ public-domain
 ========================================================================
 The following software have components provided under the terms of this license:

- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - JBoss Logging 3 (from http://www.jboss.org)
 - JSON in Java (from https://github.com/douglascrockford/JSON-java)
 - PostgreSQL JDBC Driver
--- a/provider/register-aws/pom.xml
+++ b/provider/register-aws/pom.xml
@@ -107,7 +107,7 @@
      <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
-            <version>2.11.0</version>
+            <version>2.14.0</version>
            <scope>compile</scope>
        </dependency>
        <dependency>

--- a/register-core/pom.xml
+++ b/register-core/pom.xml
@@ -92,7 +92,7 @@
        <dependency>
            <groupId>com.nimbusds</groupId>
            <artifactId>nimbus-jose-jwt</artifactId>
-            <version>8.2</version>
+            <version>9.37.2</version>
            <exclusions>
                <exclusion>
                        <groupId>net.minidev</groupId>