update jose4j version for handling cve CVE-2023-51775 (#7770)

* update jose4j version for handling cve CVE-2023-51775 Signed-off-by: Bhanu Pulluri <bhanu.pulluri@kaleido.io> * remove duplicate line Co-authored-by: Matt Whitehead <matthew1001@hotmail.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Bhanu Pulluri <bhanu.pulluri@kaleido.io> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Bhanu Pulluri <bhanu.pulluri@kaleido.io> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Matt Whitehead <matthew1001@hotmail.com>
1 month ago · 0f4e0d421f
parent c796147781
commit 0f4e0d421f
2 changed files with 10 additions and 0 deletions
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@ -3601,6 +3601,14 @@
            <sha256 value="b579ab836863ad48e578bae9961e1b004bd140afc43e7c3335646b7fb3daf9da" origin="Generated by Gradle"/>
         </artifact>
      </component>
+      <component group="org.bitbucket.b_c" name="jose4j" version="0.9.4">
+         <artifact name="jose4j-0.9.4.jar">
+            <sha256 value="9012aa4c20319d35159030c3bdecade66863030a98338bfdf73a5238849fb9d9" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="jose4j-0.9.4.pom">
+            <sha256 value="e2b9549357f8fb11909b7cb07af339f8dbfe156d84c1ddebb92c81458a9e25b5" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
      <component group="org.bouncycastle" name="bcpg-jdk18on" version="1.77">
         <artifact name="bcpg-jdk18on-1.77.jar">
            <sha256 value="07ae5704f3b729284b646643c798db0984af0126e646233fbd577b34de69fdf2" origin="Generated by Gradle"/>
--- a/gradle/versions.gradle
+++ b/gradle/versions.gradle
@ -27,6 +27,8 @@ dependencyManagement {

    dependency 'com.google.protobuf:protobuf-java:3.25.5'

+    dependency 'org.bitbucket.b_c:jose4j:0.9.4'
+
    dependency 'com.github.oshi:oshi-core:6.6.3'

    dependency 'com.google.auto.service:auto-service:1.1.1'