From deb55d8e6b661811ed297886c61d45abb415087b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:29:58 +0000 Subject: [PATCH 1/2] chore(deps): bump the github group across 1 directory with 21 updates Bumps the github group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.17.2` | `2.18.1` | | [com.fasterxml.jackson.module:jackson-module-kotlin](https://github.com/FasterXML/jackson-module-kotlin) | `2.17.2` | `2.18.1` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.7` | `1.5.12` | | [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) | `11.18` | `11.20.1` | | [io.netty:netty-codec-http](https://github.com/netty/netty) | `4.1.112.Final` | `4.1.114.Final` | | [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) | `1.78.1` | `1.79` | | [org.jetbrains.kotlinx:kotlinx-serialization-json](https://github.com/Kotlin/kotlinx.serialization) | `1.7.1` | `1.7.3` | | [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit5) | `5.11.0` | `5.11.3` | | [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit5) | `5.11.0` | `5.11.3` | | [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit5) | `5.11.0` | `5.11.3` | | [org.jetbrains.kotlin:kotlin-test-junit5](https://github.com/JetBrains/kotlin) | `2.0.20` | `2.0.21` | | [org.springframework.boot:spring-boot-starter-webflux](https://github.com/spring-projects/spring-boot) | `3.3.3` | `3.3.5` | | [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot) | `3.3.3` | `3.3.5` | | [org.springframework.boot:spring-boot-starter-oauth2-client](https://github.com/spring-projects/spring-boot) | `3.3.3` | `3.3.5` | | [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot) | `3.3.3` | `3.3.5` | | [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot) | `3.3.3` | `3.3.5` | | [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) | `2.2` | `2.3` | | [io.projectreactor:reactor-test](https://github.com/reactor/reactor-core) | `3.6.9` | `3.6.11` | | [com.fasterxml.woodstox:woodstox-core](https://github.com/FasterXML/woodstox) | `7.0.0` | `7.1.0` | | [jvm](https://github.com/JetBrains/kotlin) | `2.0.20` | `2.0.21` | | com.google.cloud.tools.jib | `3.4.3` | `3.4.4` | Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.2 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.module:jackson-module-kotlin` from 2.17.2 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson-module-kotlin/compare/jackson-module-kotlin-2.17.2...jackson-module-kotlin-2.18.1) Updates `ch.qos.logback:logback-classic` from 1.5.7 to 1.5.12 - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.7...v_1.5.12) Updates `com.nimbusds:oauth2-oidc-sdk` from 11.18 to 11.20.1 - [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt) - [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.20.1..11.18) Updates `io.netty:netty-codec-http` from 4.1.112.Final to 4.1.114.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.112.Final...netty-4.1.114.Final) Updates `com.fasterxml.jackson.module:jackson-module-kotlin` from 2.17.2 to 2.18.1 - [Commits](https://github.com/FasterXML/jackson-module-kotlin/compare/jackson-module-kotlin-2.17.2...jackson-module-kotlin-2.18.1) Updates `org.bouncycastle:bcpkix-jdk18on` from 1.78.1 to 1.79 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.jetbrains.kotlinx:kotlinx-serialization-json` from 1.7.1 to 1.7.3 - [Release notes](https://github.com/Kotlin/kotlinx.serialization/releases) - [Changelog](https://github.com/Kotlin/kotlinx.serialization/blob/master/CHANGELOG.md) - [Commits](https://github.com/Kotlin/kotlinx.serialization/compare/v1.7.1...v1.7.3) Updates `org.junit.jupiter:junit-jupiter-api` from 5.11.0 to 5.11.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.3) Updates `org.junit.jupiter:junit-jupiter-params` from 5.11.0 to 5.11.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.3) Updates `org.junit.jupiter:junit-jupiter-engine` from 5.11.0 to 5.11.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.3) Updates `org.junit.jupiter:junit-jupiter-params` from 5.11.0 to 5.11.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.3) Updates `org.jetbrains.kotlin:kotlin-test-junit5` from 2.0.20 to 2.0.21 - [Release notes](https://github.com/JetBrains/kotlin/releases) - [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md) - [Commits](https://github.com/JetBrains/kotlin/compare/v2.0.20...v2.0.21) Updates `org.junit.jupiter:junit-jupiter-engine` from 5.11.0 to 5.11.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.3) Updates `org.springframework.boot:spring-boot-starter-webflux` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-test` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-test` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-starter-test` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.springframework.boot:spring-boot-test` from 3.3.3 to 3.3.5 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.5) Updates `org.yaml:snakeyaml` from 2.2 to 2.3 - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.3..snakeyaml-2.2) Updates `io.projectreactor:reactor-test` from 3.6.9 to 3.6.11 - [Release notes](https://github.com/reactor/reactor-core/releases) - [Commits](https://github.com/reactor/reactor-core/compare/v3.6.9...v3.6.11) Updates `com.fasterxml.woodstox:woodstox-core` from 7.0.0 to 7.1.0 - [Commits](https://github.com/FasterXML/woodstox/compare/woodstox-core-7.0.0...woodstox-core-7.1.0) Updates `jvm` from 2.0.20 to 2.0.21 - [Release notes](https://github.com/JetBrains/kotlin/releases) - [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md) - [Commits](https://github.com/JetBrains/kotlin/compare/v2.0.20...v2.0.21) Updates `com.google.cloud.tools.jib` from 3.4.3 to 3.4.4 --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: com.fasterxml.jackson.module:jackson-module-kotlin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: com.nimbusds:oauth2-oidc-sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: io.netty:netty-codec-http dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: com.fasterxml.jackson.module:jackson-module-kotlin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: org.bouncycastle:bcpkix-jdk18on dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: org.jetbrains.kotlinx:kotlinx-serialization-json dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.junit.jupiter:junit-jupiter-api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.junit.jupiter:junit-jupiter-params dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.junit.jupiter:junit-jupiter-params dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.jetbrains.kotlin:kotlin-test-junit5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-webflux dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-client dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-client dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.springframework.boot:spring-boot-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: org.yaml:snakeyaml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: io.projectreactor:reactor-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: com.fasterxml.woodstox:woodstox-core dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: jvm dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github - dependency-name: com.google.cloud.tools.jib dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github ... Signed-off-by: dependabot[bot] --- build.gradle.kts | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index a7552d7f..dc9568d8 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -4,18 +4,18 @@ import org.jetbrains.kotlin.gradle.dsl.JvmTarget val assertjVersion = "3.26.3" val kotlinLoggingVersion = "3.0.5" -val logbackVersion = "1.5.7" -val nimbusSdkVersion = "11.18" +val logbackVersion = "1.5.12" +val nimbusSdkVersion = "11.20.1" val mockWebServerVersion = "4.12.0" -val jacksonVersion = "2.17.2" -val nettyVersion = "4.1.112.Final" -val junitJupiterVersion = "5.11.0" -val kotlinVersion = "2.0.20" +val jacksonVersion = "2.18.1" +val nettyVersion = "4.1.114.Final" +val junitJupiterVersion = "5.11.3" +val kotlinVersion = "2.0.21" val freemarkerVersion = "2.3.33" val kotestVersion = "5.9.1" -val bouncyCastleVersion = "1.78.1" -val springBootVersion = "3.3.3" -val reactorTestVersion = "3.6.9" +val bouncyCastleVersion = "1.79" +val springBootVersion = "3.3.5" +val reactorTestVersion = "3.6.11" val ktorVersion = "2.3.12" val jsonPathVersion = "2.9.0" @@ -24,11 +24,11 @@ val mainClassKt = "no.nav.security.mock.oauth2.StandaloneMockOAuth2ServerKt" plugins { application - kotlin("jvm") version "2.0.20" + kotlin("jvm") version "2.0.21" id("se.patrikerdes.use-latest-versions") version "0.2.18" id("com.github.ben-manes.versions") version "0.51.0" id("org.jmailen.kotlinter") version "4.4.1" - id("com.google.cloud.tools.jib") version "3.4.3" + id("com.google.cloud.tools.jib") version "3.4.4" id("com.github.johnrengelman.shadow") version "8.1.1" id("net.researchgate.release") version "3.0.2" id("io.github.gradle-nexus.publish-plugin") version "2.0.0" @@ -67,7 +67,7 @@ dependencies { implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonVersion") implementation("org.freemarker:freemarker:$freemarkerVersion") implementation("org.bouncycastle:bcpkix-jdk18on:$bouncyCastleVersion") - implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.7.1") + implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.7.3") testImplementation("org.assertj:assertj-core:$assertjVersion") testImplementation("org.junit.jupiter:junit-jupiter-api:$junitJupiterVersion") testImplementation("org.junit.jupiter:junit-jupiter-params:$junitJupiterVersion") @@ -95,7 +95,7 @@ dependencies { require("2.10.0") } } - testImplementation("org.yaml:snakeyaml:2.2") { + testImplementation("org.yaml:snakeyaml:2.3") { because("previous versions have security vulnerabilities") } add("api", "com.squareup.okio:okio") { @@ -125,7 +125,7 @@ dependencies { configurations { all { - resolutionStrategy.force("com.fasterxml.woodstox:woodstox-core:7.0.0") + resolutionStrategy.force("com.fasterxml.woodstox:woodstox-core:7.1.0") } } From ba4024a56655c7a6590a55cfdd0548968b4cbac0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tommy=20Tr=C3=B8en?= Date: Fri, 8 Nov 2024 09:42:02 +0100 Subject: [PATCH 2/2] refactor: remove deprecated methods * format --- .../security/mock/oauth2/MockOAuth2Server.kt | 20 +++++++++++++------ .../mock/oauth2/http/OAuth2HttpRequest.kt | 17 ++++++++-------- .../security/mock/oauth2/token/KeyProvider.kt | 1 - 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/MockOAuth2Server.kt b/src/main/kotlin/no/nav/security/mock/oauth2/MockOAuth2Server.kt index 78384136..433b1e4a 100644 --- a/src/main/kotlin/no/nav/security/mock/oauth2/MockOAuth2Server.kt +++ b/src/main/kotlin/no/nav/security/mock/oauth2/MockOAuth2Server.kt @@ -241,11 +241,12 @@ open class MockOAuth2Server( val uri = tokenEndpointUrl(issuerId) val issuerUrl = issuerUrl(issuerId) val tokenRequest = - TokenRequest( - uri.toUri(), - ClientSecretBasic(ClientID(clientId), Secret("secret")), - AuthorizationCodeGrant(AuthorizationCode("123"), URI.create("http://localhost")), - ) + TokenRequest + .Builder( + uri.toUri(), + ClientSecretBasic(ClientID(clientId), Secret("secret")), + AuthorizationCodeGrant(AuthorizationCode("123"), URI.create("http://localhost")), + ).build() return config.tokenProvider.accessToken(tokenRequest, issuerUrl, tokenCallback, null) } @@ -290,8 +291,15 @@ open class MockOAuth2Server( object : AuthorizationGrant(GrantType("MockGrant")) { override fun toParameters(): MutableMap> = mutableMapOf() } + val request = + TokenRequest + .Builder( + URI.create("http://mockgrant"), + ClientID("mockclientid"), + mockGrant, + ).build() return this.config.tokenProvider.exchangeAccessToken( - TokenRequest(URI.create("http://mockgrant"), ClientID("mockclientid"), mockGrant), + request, issuerUrl, jwtClaimsSet, DefaultOAuth2TokenCallback( diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt index ac55ed9c..1d13ee39 100644 --- a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt +++ b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt @@ -40,14 +40,15 @@ data class OAuth2HttpRequest( val tokenExchangeGrant = TokenExchangeGrant.parse(formParameters.map) // TODO: add scope if present in request - return TokenRequest( - this.url.toUri(), - clientAuthentication, - tokenExchangeGrant, - null, - emptyList(), - formParameters.map.mapValues { mutableListOf(it.value) }, - ) + val builder = + TokenRequest.Builder( + this.url.toUri(), + clientAuthentication, + tokenExchangeGrant, + ) + formParameters.map.forEach { (key, value) -> builder.customParameter(key, value) } + + return builder.build() } @Suppress("MemberVisibilityCanBePrivate") diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyProvider.kt b/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyProvider.kt index 003acf7d..4d078f23 100644 --- a/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyProvider.kt +++ b/src/main/kotlin/no/nav/security/mock/oauth2/token/KeyProvider.kt @@ -73,5 +73,4 @@ open class KeyProvider jwkSelector: JWKSelector?, context: SecurityContext?, ): MutableList = jwkSelector?.select(JWKSet(signingKeys.values.toList()).toPublicJWKSet()) ?: mutableListOf() - }