Skip to content

Commit f944078

Browse files
jkakavasjkakavas
authored
Update oidc related dependencies (#71521)
Update: Non-issue, no notable changes. - json-smart from 2.3 to 2.4.2 - accessors-smart from 1.2 to 2.4.2 - asm from 7.1 to 8.0.1 - nimbus-jose-jwt from 8.6 to 9.8.1 - oauth2-oidc-sdk from 7.0.2 to 9.3.1
1 parent 8cb0985 commit f944078

File tree

13 files changed

+59
-56
lines changed

13 files changed

+59
-56
lines changed

x-pack/plugin/security/build.gradle

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -59,14 +59,14 @@ dependencies {
5959
runtimeOnly 'com.google.guava:guava:19.0'
6060

6161
// Dependencies for oidc
62-
api "com.nimbusds:oauth2-oidc-sdk:7.0.2"
63-
api "com.nimbusds:nimbus-jose-jwt:8.6"
62+
api "com.nimbusds:oauth2-oidc-sdk:9.3.1"
63+
api "com.nimbusds:nimbus-jose-jwt:9.8.1"
6464
api "com.nimbusds:lang-tag:1.4.4"
6565
api "com.sun.mail:jakarta.mail:1.6.3"
6666
api "net.jcip:jcip-annotations:1.0"
67-
api "net.minidev:json-smart:2.3"
68-
api "net.minidev:accessors-smart:1.2"
69-
api "org.ow2.asm:asm:7.1"
67+
api "net.minidev:json-smart:2.4.2"
68+
api "net.minidev:accessors-smart:2.4.2"
69+
api "org.ow2.asm:asm:8.0.1"
7070

7171
testImplementation 'org.elasticsearch:securemock:1.2'
7272
testImplementation "org.elasticsearch:mocksocket:${versions.mocksocket}"
@@ -84,7 +84,7 @@ dependencies {
8484
testImplementation('org.apache.kerby:kerb-crypto:1.1.1')
8585
testImplementation('org.apache.kerby:kerb-util:1.1.1')
8686
testImplementation('org.apache.kerby:token-provider:1.1.1')
87-
testImplementation('com.nimbusds:nimbus-jose-jwt:8.6')
87+
testImplementation('com.nimbusds:nimbus-jose-jwt:9.8.1')
8888
testImplementation('net.jcip:jcip-annotations:1.0')
8989
testImplementation('org.apache.kerby:kerb-admin:1.1.1')
9090
testImplementation('org.apache.kerby:kerb-server:1.1.1')
@@ -264,13 +264,6 @@ tasks.named("thirdPartyAudit").configure {
264264
'net.sf.ehcache.Element',
265265
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
266266
'org.slf4j.ext.EventData',
267-
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
268-
'org.cryptomator.siv.SivMode',
269-
// Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037)
270-
'com.google.crypto.tink.subtle.Ed25519Sign',
271-
'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
272-
'com.google.crypto.tink.subtle.Ed25519Verify',
273-
'com.google.crypto.tink.subtle.X25519',
274267
// Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
275268
// acknowledge them here instead of adding bouncy castle as a compileOnly dependency
276269
'org.bouncycastle.asn1.ASN1Encodable',
@@ -420,11 +413,13 @@ tasks.named("thirdPartyAudit").configure {
420413
'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
421414
'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
422415
'org.bouncycastle.jce.provider.BouncyCastleProvider',
416+
'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider',
423417
'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec',
424418
'org.bouncycastle.math.ec.ECFieldElement',
425419
'org.bouncycastle.math.ec.ECPoint',
426420
'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
427421
'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
422+
'org.bouncycastle.operator.OperatorCreationException',
428423
'org.bouncycastle.util.Arrays',
429424
'org.bouncycastle.util.Strings',
430425
'org.bouncycastle.util.io.Streams',
@@ -454,7 +449,13 @@ tasks.named("thirdPartyAudit").configure {
454449
'javax.xml.bind.JAXBException',
455450
'javax.xml.bind.Unmarshaller',
456451
'javax.xml.bind.UnmarshallerHandler',
457-
// Optional dependencies of oauth2-oidc-sdk
452+
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
453+
'org.cryptomator.siv.SivMode',
454+
// Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037)
455+
'com.google.crypto.tink.subtle.Ed25519Sign',
456+
'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
457+
'com.google.crypto.tink.subtle.Ed25519Verify',
458+
'com.google.crypto.tink.subtle.X25519',
458459
'com.nimbusds.common.contenttype.ContentType',
459460
'javax.activation.ActivationDataFlavor',
460461
'javax.activation.DataContentHandler',

x-pack/plugin/security/licenses/accessors-smart-1.2.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugin/security/licenses/accessors-smart-2.4.2.jar.sha1

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
4f09981a3c80f0766998c68d83bfd060812d5bcd

x-pack/plugin/security/licenses/asm-7.1.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugin/security/licenses/asm-8.0.1.jar.sha1

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
3f5199523fb95304b44563f5d56d9f5a07270669

x-pack/plugin/security/licenses/json-smart-2.3.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugin/security/licenses/json-smart-2.4.2.jar.sha1

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
a7fcd0f985696c37cd3546f19c85c2ff367f2e85

x-pack/plugin/security/licenses/nimbus-jose-jwt-8.6.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

x-pack/plugin/security/licenses/nimbus-jose-jwt-9.8.1.jar.sha1

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
2af7f734313320e4b156522d22ce32b775633909

x-pack/plugin/security/licenses/oauth2-oidc-sdk-7.0.2.jar.sha1

Lines changed: 0 additions & 1 deletion
This file was deleted.

0 commit comments

Comments
 (0)