From ce5570bb0679c4b9be2b4c78a80d5c49cb0b99af Mon Sep 17 00:00:00 2001
From: Frederico Alves
Date: Tue, 9 May 2023 10:56:23 +0100
Subject: [PATCH 1/2] Address CVE-2023-1370

Bump oauth2-oidc-sdk to 10.7.1 to update json-smart to 2.4.10
---
 dependencies/spring-security-dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle
index ddeb2314c5..0fec32511b 100644
--- a/dependencies/spring-security-dependencies.gradle
+++ b/dependencies/spring-security-dependencies.gradle
@@ -20,7 +20,7 @@ dependencies {
 api "ch.qos.logback:logback-classic:1.2.12"
 api "com.google.inject:guice:3.0"
 api "com.nimbusds:nimbus-jose-jwt:9.24.4"
- api "com.nimbusds:oauth2-oidc-sdk:9.43.1"
+ api "com.nimbusds:oauth2-oidc-sdk:10.7.1"
 api "com.squareup.okhttp3:mockwebserver:3.14.9"
 api "com.squareup.okhttp3:okhttp:3.14.9"
 api "com.unboundid:unboundid-ldapsdk:4.0.14"
From ed0369ac7167f3c7ce2e0c754a623c1340f5a064 Mon Sep 17 00:00:00 2001
From: Frederico Alves
Date: Fri, 12 May 2023 10:34:47 +0100
Subject: [PATCH 2/2] Address CVE-2023-1370

Change oauth2-oidc-sdk to 9.43.2
---
 dependencies/spring-security-dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle
index 0fec32511b..a9e39f37c5 100644
--- a/dependencies/spring-security-dependencies.gradle
+++ b/dependencies/spring-security-dependencies.gradle
@@ -20,7 +20,7 @@ dependencies {
 api "ch.qos.logback:logback-classic:1.2.12"
 api "com.google.inject:guice:3.0"
 api "com.nimbusds:nimbus-jose-jwt:9.24.4"
- api "com.nimbusds:oauth2-oidc-sdk:10.7.1"
+ api "com.nimbusds:oauth2-oidc-sdk:9.43.2"
 api "com.squareup.okhttp3:mockwebserver:3.14.9"
 api "com.squareup.okhttp3:okhttp:3.14.9"
 api "com.unboundid:unboundid-ldapsdk:4.0.14"