Merge pull request #3175 from codefromthecrypt/fix-adal4j-cve

k8s-ci-robot · web-flow · commit 75f0acdbac43 · 2024-03-08T11:22:59.000-08:00
Resolve indirect dep CVE from adal4j
diff --git a/pom.xml b/pom.xml
@@ -146,6 +146,13 @@
         <version>1.6.7</version>
         <optional>true</optional>
       </dependency>
+      <!-- override the version in adal4j which has a CVE -->
+      <dependency>
+        <groupId>net.minidev</groupId>
+        <artifactId>json-smart</artifactId>
+        <version>2.5.0</version>
+        <optional>true</optional>
+      </dependency>
       <dependency>
         <groupId>com.amazonaws</groupId>
         <artifactId>aws-java-sdk-sts</artifactId>
