Merge pull request #352 from okta/vuln_libs_update

Update libraries to address CVEs
okta · Oct 13, 2023 · d9102ca · d9102ca
2 parents 4848509 + 5bf425f
commit d9102ca
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 9 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -62,15 +62,17 @@ dependencies {
 
     implementation "com.google.android.material:material:1.7.0"
     implementation 'androidx.biometric:biometric:1.1.0'
-    implementation 'com.okta.authn.sdk:okta-authn-sdk-api:2.0.10'
-    implementation('com.okta.authn.sdk:okta-authn-sdk-impl:2.0.10') {
+    implementation 'com.okta.authn.sdk:okta-authn-sdk-api:2.0.11'
+    implementation('com.okta.authn.sdk:okta-authn-sdk-impl:2.0.11') {
         exclude group: 'com.okta.sdk', module: 'okta-sdk-httpclient'
     }
 
     implementation 'org.yaml:snakeyaml:2.0'
     implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
     implementation 'com.okta.sdk:okta-sdk-okhttp:8.2.2'
     implementation "com.squareup.okhttp3:okhttp:${rootProject.okhttpVersion}"
+    implementation "com.squareup.okio:okio:${rootProject.okioVersion}"
+    implementation "com.squareup.okio:okio-jvm:${rootProject.okioVersion}"
     androidTestImplementation "androidx.browser:browser:${rootProject.browserVersion}"
     // Core library
     androidTestImplementation 'androidx.test:core:1.5.0'
@@ -130,9 +132,3 @@ task restoreDeviceSettings(type: Exec) {
 dependencyCheck {
     suppressionFile file("../dependency-suppression.xml").toString()
 }
-
-configurations.all {
-    resolutionStrategy {
-        force 'org.bouncycastle:bcprov-jdk15on:1.70'
-    }
-}
diff --git a/build.gradle b/build.gradle
@@ -83,7 +83,8 @@ ext {
     junitVersion = '4.13.2'
     mockitoVersion = "4.6.1"
     robolectricVersion = '4.10.3'
-    okhttpVersion = '4.10.0'
+    okhttpVersion = '4.11.0'
+    okioVersion = '3.4.0'
     jsonWebTokenVersion = '0.11.2'
     assertjCoreVersion = '3.16.1'
 

diff --git a/library/build.gradle b/library/build.gradle
@@ -64,6 +64,8 @@ dependencies {
     testImplementation "org.robolectric:robolectric:${rootProject.robolectricVersion}"
     testImplementation "com.squareup.okhttp3:mockwebserver:${rootProject.okhttpVersion}"
     testImplementation "com.squareup.okhttp3:okhttp:${rootProject.okhttpVersion}"
+    testImplementation "com.squareup.okio:okio:${rootProject.okioVersion}"
+    testImplementation "com.squareup.okio:okio-jvm:${rootProject.okioVersion}"
     testImplementation "org.assertj:assertj-core:${rootProject.assertjCoreVersion}"
     testImplementation "io.jsonwebtoken:jjwt-api:${rootProject.jsonWebTokenVersion}"
     testImplementation "io.jsonwebtoken:jjwt-impl:${rootProject.jsonWebTokenVersion}"