From 1b519b6315962e429a274601e3b58ff4bd05465a Mon Sep 17 00:00:00 2001
From: Esta Nagy <nagyesta@gmail.com>
Date: Fri, 4 Mar 2022 19:09:11 +0100
Subject: [PATCH] Security fix httpclient (#53)

- Updates commons-codec transitive dependency

Resolves #52
{patch}
---
 gradle/libs.versions.toml                | 2 ++
 lowkey-vault-client/build.gradle         | 1 +
 lowkey-vault-docker/build.gradle         | 1 +
 lowkey-vault-testcontainers/build.gradle | 1 +
 4 files changed, 5 insertions(+)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 97ea88a2..fef00092 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -7,6 +7,7 @@ hibernateValidator = "6.2.3.Final"
 findbugs = "3.0.2"
 lombok = "1.18.22"
 httpClient = "4.5.13"
+commonsCodec = "1.15"
 azureKeyVaultClient = "4.3.7"
 testcontainers = "1.16.3"
 cucumber = "7.2.3"
@@ -51,6 +52,7 @@ hibernate-validator = { module = "org.hibernate:hibernate-validator", version.re
 findbugs-jsr305 = { module = "com.google.code.findbugs:jsr305", version.ref = "findbugs" }
 
 httpclient = { module = "org.apache.httpcomponents:httpclient", version.ref = "httpClient" }
+commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodec" }
 
 mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoCore" }
 
diff --git a/lowkey-vault-client/build.gradle b/lowkey-vault-client/build.gradle
index 5f7c7284..d8f54b97 100644
--- a/lowkey-vault-client/build.gradle
+++ b/lowkey-vault-client/build.gradle
@@ -17,6 +17,7 @@ dependencies {
         exclude(group: "io.netty")
     }
     implementation libs.httpclient
+    implementation libs.commons.codec
     testImplementation libs.mockito.core
     testImplementation libs.jupiter
     testImplementation libs.logback.classic
diff --git a/lowkey-vault-docker/build.gradle b/lowkey-vault-docker/build.gradle
index d72f96c6..e2f92cec 100644
--- a/lowkey-vault-docker/build.gradle
+++ b/lowkey-vault-docker/build.gradle
@@ -22,6 +22,7 @@ group = "${rootProject.group}"
 dependencies {
     testImplementation project(":lowkey-vault-client")
     testImplementation libs.httpclient
+    testImplementation libs.commons.codec
     testImplementation libs.azure.security.keyvault.keys
     testImplementation libs.azure.security.keyvault.secrets
     testImplementation libs.spring.boot.starter.test
diff --git a/lowkey-vault-testcontainers/build.gradle b/lowkey-vault-testcontainers/build.gradle
index 6ae369a7..919ccb8e 100644
--- a/lowkey-vault-testcontainers/build.gradle
+++ b/lowkey-vault-testcontainers/build.gradle
@@ -16,6 +16,7 @@ dependencies {
     testImplementation project(":lowkey-vault-client")
     testImplementation libs.bundles.jackson
     testImplementation libs.httpclient
+    testImplementation libs.commons.codec
     testImplementation libs.azure.security.keyvault.keys
     testImplementation libs.azure.security.keyvault.secrets
     testImplementation libs.mockito.core