Resolve indirect dep CVE from adal4j

codefromthecrypt · codefromthecrypt · commit d6658036eec9 · 2024-03-08T15:40:25.000+08:00
Signed-off-by: Adrian Cole &lt;adrian@tetrate.io&gt;
diff --git a/pom.xml b/pom.xml
@@ -146,6 +146,13 @@
         <version>1.6.7</version>
         <optional>true</optional>
       </dependency>
+      <!-- override the version in adal4j which has a CVE -->
+      <dependency>
+        <groupId>net.minidev</groupId>
+        <artifactId>json-smart</artifactId>
+        <version>2.5.0</version>
+        <optional>true</optional>
+      </dependency>
       <dependency>
         <groupId>com.amazonaws</groupId>
         <artifactId>aws-java-sdk-sts</artifactId>
