From 240dfc23ea078a5eba6cb823707130629116a3b0 Mon Sep 17 00:00:00 2001
From: Luis Toledo
Date: Thu, 1 Jun 2023 11:10:54 -0400
Subject: [PATCH 1/3] upgrade libraries azure-object-store-plugin

---
 plugins/azure-object-store-plugin/build.gradle | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/plugins/azure-object-store-plugin/build.gradle b/plugins/azure-object-store-plugin/build.gradle
index 952e394b0a2..cf23adf20e2 100644
--- a/plugins/azure-object-store-plugin/build.gradle
+++ b/plugins/azure-object-store-plugin/build.gradle
@@ -21,22 +21,28 @@ dependencies {
 // Use the latest Groovy version for building this library
 implementation "org.codehaus.groovy:groovy:${groovyVersion}"
 
- pluginLibs (group: 'com.microsoft.azure', name: 'azure', version: '1.3.0'){
+ pluginLibs (group: 'com.microsoft.azure', name: 'azure', version: '1.41.4'){
 exclude group: "com.fasterxml.jackson.core"
 }
- pluginLibs (group: 'com.microsoft.azure', name: 'azure-storage', version: '6.1.0') {
+ pluginLibs (group: 'com.microsoft.azure', name: 'azure-storage', version: '8.6.6') {
 exclude group: "com.fasterxml.jackson.core"
 }
 
 // Use the awesome Spock testing and specification framework
 testImplementation 'org.spockframework:spock-core:2.0-groovy-3.0'
 testImplementation "com.squareup.okhttp3:mockwebserver:3.11.0"
- testImplementation "org.testcontainers:testcontainers:1.15.0"
+ testImplementation "org.testcontainers:testcontainers:1.18.2"
 testImplementation "cglib:cglib-nodep:3.2.5"
 testImplementation 'org.objenesis:objenesis:1.4'
 testImplementation "org.slf4j:slf4j-simple:1.6.1"
 testImplementation "org.codehaus.groovy:groovy-all:${groovyVersion}"
 testImplementation "org.spockframework:spock-core:2.0-groovy-3.0"
+
+ constraints {
+ pluginLibs("net.minidev:json-smart:2.4.11") {
+ because "json-smart affected by CVE-2023-1370 CVE-2021-31684"
+ }
+ }
 }
 
 repositories {

From 0981f501cf318817a5206953af38a9c47b387d8e Mon Sep 17 00:00:00 2001
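Review bot: The new `constraints { pluginLibs("net.minidev:json-smart:2.4.11") … }` block only raises json-smart inside the `pluginLibs` configuration, and nothing in the hunk shows that json-smart is actually reached through `pluginLibs` rather than another configuration; if it is not, the constraint is inert and the `because` text overstates what was fixed. Confirming the resolved graph with `gradle dependencies --configuration pluginLibs` before merging, and naming the transitive path in the reason, e.g. `because "json-smart (via <TRANSITIVE-PATH>) affected by CVE-2023-1370 CVE-2021-31684"`, would make the fix verifiable by the next maintainer; note also that a plain Gradle constraint is a floor rather than a pin, so conflict resolution may still pick a higher json-smart, which is fine but worth stating. The `exclude group: "com.fasterxml.jackson.core"` is carried unchanged across a large jump of both Azure artifacts (1.3.0→1.41.4 and 6.1.0→8.6.6), so whatever Jackson version the host supplies must match what the newer SDKs expect, which cannot be checked from this file and deserves a runtime check. As far as I know both `com.microsoft.azure` artifacts are the final releases of legacy SDK lines, so future findings in their transitive graph can only be handled with more constraints like this one; a one-line comment above the two `pluginLibs` declarations saying so would save the next reviewer the research.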
From: Luis Toledo
Date: Thu, 1 Jun 2023 15:55:48 -0400
Subject: [PATCH 2/3] fix okhttp3 cves

---
 plugins/azure-object-store-plugin/build.gradle | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/plugins/azure-object-store-plugin/build.gradle b/plugins/azure-object-store-plugin/build.gradle
index cf23adf20e2..fe96a16bb5e 100644
--- a/plugins/azure-object-store-plugin/build.gradle
+++ b/plugins/azure-object-store-plugin/build.gradle
@@ -30,7 +30,7 @@ dependencies {
 
 // Use the awesome Spock testing and specification framework
 testImplementation 'org.spockframework:spock-core:2.0-groovy-3.0'
- testImplementation "com.squareup.okhttp3:mockwebserver:3.11.0"
+ testImplementation "com.squareup.okhttp3:mockwebserver:4.11.0"
 testImplementation "org.testcontainers:testcontainers:1.18.2"
 testImplementation "cglib:cglib-nodep:3.2.5"
 testImplementation 'org.objenesis:objenesis:1.4'
@@ -42,6 +42,12 @@ dependencies {
 pluginLibs("net.minidev:json-smart:2.4.11") {
 because "json-smart affected by CVE-2023-1370 CVE-2021-31684"
 }
+ pluginLibs("com.squareup.okhttp3:okhttp:4.11.0") {
+ because "json-smart affected by PRISMA-2022-0239"
+ }
+ pluginLibs("com.squareup.okhttp3:okhttp-urlconnection:4.11.0") {
+ because "json-smart affected by PRISMA-2022-0239"
+ }
 }
 }
 

From c8c97ca3709d72cd4e37cbaaa0fc1155db048b83 Mon Sep 17 00:00:00 2001
From: Luis Toledo
Date: Thu, 1 Jun 2023 17:21:03 -0400
Subject: [PATCH 3/3] remive okhttp3 upgrade

---
 plugins/azure-object-store-plugin/build.gradle | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/plugins/azure-object-store-plugin/build.gradle b/plugins/azure-object-store-plugin/build.gradle
index c9b912f12ff..fe20ee010e7 100644
--- a/plugins/azure-object-store-plugin/build.gradle
+++ b/plugins/azure-object-store-plugin/build.gradle
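Review bot: The reason strings on the two new okhttp constraints in the second hunk are copy-pasted from the json-smart entry — `because "json-smart affected by PRISMA-2022-0239"` names the wrong artifact and should read `because "okhttp affected by PRISMA-2022-0239"` on both. These constraints are deleted again in PATCH 3/3 with no reason recorded, which leaves only the `mockwebserver` 3.11.0→4.11.0 bump from the first hunk; that line is `testImplementation`, so it touches the test classpath and not the `pluginLibs` graph the constraints were aimed at, and the finding named in the subject is presumably no longer addressed for the runtime dependency. If the revert was forced by the legacy Azure SDK requiring okhttp 3.x, writing that into the `constraints` block or the commit message keeps the gap visible instead of silently dropping it. Since mockwebserver 4.11.0 will pull okhttp 4.x onto the test classpath while `pluginLibs` may still resolve 3.x, the tests may no longer exercise the HTTP stack the plugin ships with; a short comment beside the `testImplementation "com.squareup.okhttp3:mockwebserver:4.11.0"` line noting that divergence would help.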
@@ -42,12 +42,6 @@ dependencies {
 pluginLibs("net.minidev:json-smart:2.4.11") {
 because "json-smart affected by CVE-2023-1370 CVE-2021-31684"
 }
- pluginLibs("com.squareup.okhttp3:okhttp:4.11.0") {
- because "json-smart affected by PRISMA-2022-0239"
- }
- pluginLibs("com.squareup.okhttp3:okhttp-urlconnection:4.11.0") {
- because "json-smart affected by PRISMA-2022-0239"
- }
 }
 }
 