From 8dd1e75054dcc6e0605cc21af579f1ae6ae8ede3 Mon Sep 17 00:00:00 2001
From: Alberto Hormazabal <ahormazabal@exatech.cl>
Date: Fri, 2 Jun 2023 17:06:31 -0400
Subject: [PATCH] Add constraint for nimbus-jose, exclude json-smart

---
 build.gradle | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 49c3260..1fe80ca 100644
--- a/build.gradle
+++ b/build.gradle
@@ -44,9 +44,11 @@ dependencies {
 
     pluginLibs (group: 'com.microsoft.azure', name: 'azure', version: '1.41.4'){
         exclude group: "com.fasterxml.jackson.core"
+        exclude group: "net.minidev", module: "json-smart"
     }
     pluginLibs (group: 'com.microsoft.azure', name: 'azure-storage', version: '8.6.6') {
         exclude group: "com.fasterxml.jackson.core"
+        exclude group: "net.minidev", module: "json-smart"
     }
     pluginLibs group: 'commons-net', name: 'commons-net', version: '3.9.0'
     pluginLibs group: 'commons-io', name: 'commons-io', version: '2.12.0'
@@ -64,8 +66,8 @@ dependencies {
         pluginLibs("com.squareup.retrofit2:adapter-rxjava:2.9.0")  {
             because "retrofit version by azure affected by CVE-2018-1000844"
         }
-        pluginLibs("net.minidev:json-smart:2.4.11")  {
-            because "affected by CVE-2021-31684 CVE-2023-1370 CVE-2021-3168"
+        pluginLibs ('com.nimbusds:nimbus-jose-jwt:9.31') {
+            because "CVE-2023-1370, CVE-2021-31684"
         }
     }