From fe6e6e518bd8e43310cfdb426974528c50084911 Mon Sep 17 00:00:00 2001
From: Emily Jiang <emijiang6@googlemail.com>
Date: Thu, 6 Oct 2022 09:42:46 +0100
Subject: [PATCH] Use the parent pom 2.6 to avoid the potential CVE issue with
 arquillian

---
 pom.xml                                              |  4 ++--
 tck/pom.xml                                          | 12 ++++++++++++
 .../jwe/RolesAllowedSignEncryptRsaOaepTest.java      |  1 -
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 45e8fe1..ed88675 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.eclipse.microprofile</groupId>
         <artifactId>microprofile-parent</artifactId>
-        <version>2.4</version>
+        <version>2.6</version>
     </parent>
 
     <groupId>org.eclipse.microprofile.jwt</groupId>
@@ -36,7 +36,7 @@
         <version.microprofile.config>3.0</version.microprofile.config>
         <version.jose4j>0.7.9</version.jose4j>
         <version.osgi.versioning>1.1.0</version.osgi.versioning>
-
+        <version.microprofile.tck.bom>2.6</version.microprofile.tck.bom>
         <inceptionYear>2017</inceptionYear>
     </properties>
 
diff --git a/tck/pom.xml b/tck/pom.xml
index 8f38288..d35e119 100644
--- a/tck/pom.xml
+++ b/tck/pom.xml
@@ -25,6 +25,18 @@
     <artifactId>microprofile-jwt-auth-tck</artifactId>
     <name>MicroProfile JWT Auth TCK</name>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.eclipse.microprofile</groupId>
+                <artifactId>microprofile-tck-bom</artifactId>
+                <version>${version.microprofile.tck.bom}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+    
     <dependencies>
         <dependency>
             <groupId>org.eclipse.microprofile.jwt</groupId>
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/RolesAllowedSignEncryptRsaOaepTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/RolesAllowedSignEncryptRsaOaepTest.java
index ac9e1ed..012d5d9 100644
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/RolesAllowedSignEncryptRsaOaepTest.java
+++ b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/RolesAllowedSignEncryptRsaOaepTest.java
@@ -108,7 +108,6 @@ private static String signEncryptClaimsWithOptionalCty(String jsonResName, boole
         return TokenUtils.signEncryptClaims(signingKey, null, encryptionKey, null, jsonResName, cty);
     }
 
-
     @RunAsClient
     @Test(groups = TEST_GROUP_JAXRS, description = "Validate a request with RSA-OAEP encrypted token succeeds")
     public void callEchoRsaOaep() {