From 0b38dc2b9f1a45405dce1cb378f1a546a8c07411 Mon Sep 17 00:00:00 2001
From: Arvind Krishnakumar <arvind.krishnakumar@okta.com>
Date: Thu, 29 Jun 2023 09:18:45 -0500
Subject: [PATCH 1/2] Fix CVEs

---
 impl/pom.xml                    |  7 ++++++-
 integration-tests/pom.xml       |  1 -
 pom.xml                         |  7 ++++++-
 src/owasp/owasp-suppression.xml | 25 +++----------------------
 4 files changed, 15 insertions(+), 25 deletions(-)

diff --git a/impl/pom.xml b/impl/pom.xml
index 5376011870a..4078651d079 100644
--- a/impl/pom.xml
+++ b/impl/pom.xml
@@ -109,7 +109,7 @@
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.4</version>
+            <version>2.0.9</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -128,6 +128,11 @@
             <version>9.30.2</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 62e887124e4..072d744cc69 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -66,7 +66,6 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>31.1-jre</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/pom.xml b/pom.xml
index 04f53f15bb8..9b8b1c217d4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -178,7 +178,12 @@
                 <version>1.1.0</version>
                 <optional>true</optional>
             </dependency>
-
+            <dependency>
+                <groupId>com.google.guava</groupId>
+                <artifactId>guava</artifactId>
+                <version>32.0.1-jre</version>
+                <scope>test</scope>
+            </dependency>
             <dependency>
                 <groupId>org.testng</groupId>
                 <artifactId>testng</artifactId>
diff --git a/src/owasp/owasp-suppression.xml b/src/owasp/owasp-suppression.xml
index 09d7c907233..8f15c83d767 100644
--- a/src/owasp/owasp-suppression.xml
+++ b/src/owasp/owasp-suppression.xml
@@ -19,29 +19,10 @@
   -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
-    <!-- False Positive - See https://github.com/jeremylong/DependencyCheck/issues/4558 -->
+    <!-- False positive, see https://github.com/jeremylong/DependencyCheck/issues/5779 -->
     <suppress>
-        <notes><![CDATA[ file name: spring-core-5.3.20.jar]]></notes>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-
-    <!-- False Positive - See https://github.com/jeremylong/DependencyCheck/issues/5502 -->
-    <suppress>
-        <notes><![CDATA[FP per issue #5502]]></notes>
-        <cve>CVE-2022-45688</cve>
-    </suppress>
-
-    <!-- openapi generator is used for build time code generation purpose only, should not affect runtime -->
-    <suppress>
-        <notes><![CDATA[ file name: openapi-generator-core-6.4.0.jar]]></notes>
-        <cve>CVE-2023-27162</cve>
-    </suppress>
-
-    <!-- upgrade to spring 6 will resolve this -->
-    <suppress>
-        <notes><![CDATA[ file name: spring-core-5.3.23.jar]]></notes>
-        <cve>CVE-2023-20860</cve>
-        <cve>CVE-2023-20861</cve>
+        <notes><![CDATA[ file name: jackson-databind-2.15.2.jar]]></notes>
+        <cve>CVE-2023-35116</cve>
     </suppress>
 
 </suppressions>

From d6fc242f699147f12a97cc61239a9a3d50e23ff1 Mon Sep 17 00:00:00 2001
From: Arvind Krishnakumar <arvind.krishnakumar@okta.com>
Date: Thu, 29 Jun 2023 09:43:03 -0500
Subject: [PATCH 2/2] updates

---
 impl/pom.xml              | 27 +++++++++++++--------------
 integration-tests/pom.xml |  6 ------
 pom.xml                   |  3 ++-
 3 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/impl/pom.xml b/impl/pom.xml
index 4078651d079..00abfdb488f 100644
--- a/impl/pom.xml
+++ b/impl/pom.xml
@@ -87,12 +87,6 @@
             <artifactId>javax.annotation-api</artifactId>
             <optional>true</optional>
         </dependency>
-        <dependency>
-            <!-- compile time annotation processor -->
-            <groupId>com.google.auto.service</groupId>
-            <artifactId>auto-service</artifactId>
-            <optional>true</optional>
-        </dependency>
 
         <!-- Test deps -->
         <dependency>
@@ -131,19 +125,11 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <scope>test</scope>
         </dependency>
     </dependencies>
 
     <build>
         <resources>
-            <resource>
-                <directory>src/main/resources</directory>
-                <filtering>false</filtering>
-                <excludes>
-                    <exclude>**/version.properties</exclude>
-                </excludes>
-            </resource>
             <resource>
                 <directory>src/main/resources</directory>
                 <filtering>true</filtering>
@@ -157,6 +143,19 @@
         </resources>
 
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>com.google.auto.service</groupId>
+                            <artifactId>auto-service</artifactId>
+                            <version>${com.google.auto.service.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>build-helper-maven-plugin</artifactId>
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 072d744cc69..d7e64b08bdf 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -68,12 +68,6 @@
             <artifactId>guava</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.aerogear</groupId>
-            <artifactId>aerogear-otp-java</artifactId>
-            <version>1.0.0</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>de.sstoehr</groupId>
             <artifactId>har-reader</artifactId>
diff --git a/pom.xml b/pom.xml
index 9b8b1c217d4..68dffb2755a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,6 +41,7 @@
         <org.apache.httpcomponents.client5.version>5.2.1</org.apache.httpcomponents.client5.version>
         <okta.sdk.previousVersion>11.0.3</okta.sdk.previousVersion>
         <okta.commons.version>1.3.3</okta.commons.version>
+        <com.google.auto.service.version>1.1.1</com.google.auto.service.version>
         <github.slug>okta/okta-sdk-java</github.slug>
     </properties>
 
@@ -175,7 +176,7 @@
             <dependency>
                 <groupId>com.google.auto.service</groupId>
                 <artifactId>auto-service</artifactId>
-                <version>1.1.0</version>
+                <version>${com.google.auto.service.version}</version>
                 <optional>true</optional>
             </dependency>
             <dependency>