chore(dependency): specify commons-compress and nimbus-jose-jwt version

camunda · Feb 26, 2024 · 5263636 · 5263636
1 parent 5809bea
commit 5263636
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/connectors/soap/src/test/java/io/camunda/connectors/soap/xml/XmlToJsonMapperTest.java b/connectors/soap/src/test/java/io/camunda/connectors/soap/xml/XmlToJsonMapperTest.java
@@ -84,7 +84,11 @@ void shouldMap(String jsonFile, String xmlFile) throws JsonProcessingException {
     String xmlString =
         mapper.toXmlString(objectMapper.readValue(jsonString, new TypeReference<>() {})).trim();
     String matcher = getResource(xmlFile).trim();
-    assertThat(xmlString).isEqualTo(matcher);
+    assertThat(removeCRChars(xmlString)).isEqualTo(removeCRChars(matcher));
+  }
+
+  private String removeCRChars(String string) {
+    return string.replace("\r", "");
   }
 
   private String getResource(String filename) {

diff --git a/connectors/webhook/pom.xml b/connectors/webhook/pom.xml
@@ -60,11 +60,6 @@
       <artifactId>java-jwt</artifactId>
       <version>${version.auth0.jwt}</version>
     </dependency>
-    <dependency>
-      <groupId>com.nimbusds</groupId>
-      <artifactId>nimbus-jose-jwt</artifactId>
-      <version>${version.nimbus.jose.jwt}</version>
-    </dependency>
     <dependency>
       <groupId>com.auth0</groupId>
       <artifactId>jwks-rsa</artifactId>

diff --git a/parent/pom.xml b/parent/pom.xml
@@ -131,7 +131,6 @@ limitations under the License.</license.inlineheader>
 
     <version.wiremock>3.4.2</version.wiremock>
     <version.auth0.jwt>4.4.0</version.auth0.jwt>
-    <version.nimbus.jose.jwt>9.37.3</version.nimbus.jose.jwt>
     <version.auth0.jwks>0.22.1</version.auth0.jwks>
 
     <!-- maven plugins (not managed by parent) -->
@@ -439,6 +438,20 @@ limitations under the License.</license.inlineheader>
         <version>3.14.0</version>
       </dependency>
 
+      <!-- Fixes CWE-770 -->
+      <dependency>
+        <groupId>com.nimbusds</groupId>
+        <artifactId>nimbus-jose-jwt</artifactId>
+        <version>9.37.3</version>
+      </dependency>
+
+      <!-- Fixes CWE-835 -->
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-compress</artifactId>
+        <version>1.26.0</version>
+      </dependency>
+
       <!-- FIXME: maven resolves protobuf to 3.21.x while zeebe-client is compiled for 3.22.2. This is a temporary fix to be reassessed later. -->
       <dependency>
         <groupId>com.google.protobuf</groupId>