From 7e3fa1385348a9477e67c72b0321ea66ed17540b Mon Sep 17 00:00:00 2001
From: john-sobrepena-partior <john.sobrepena@partior.com>
Date: Tue, 25 Jun 2024 20:43:39 +0800
Subject: [PATCH] hotfix: SET-527 vulnerability fixes

---
 key-vault/hashicorp-key-vault/build.gradle | 5 ++++-
 security/build.gradle                      | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/key-vault/hashicorp-key-vault/build.gradle b/key-vault/hashicorp-key-vault/build.gradle
index b1a1f9951..916fc0db2 100644
--- a/key-vault/hashicorp-key-vault/build.gradle
+++ b/key-vault/hashicorp-key-vault/build.gradle
@@ -16,6 +16,9 @@ configurations.all {
   exclude group: "org.springframework", module: "spring-jcl"
   exclude group: "org.springframework", module: "spring-aop"
   exclude group: "jakarta.json"
+  resolutionStrategy {
+    force 'com.squareup.okio:okio:1.17.6'
+  }
 }
 
 def springVersion = "6.1.6"
@@ -26,7 +29,7 @@ dependencies {
   implementation("org.springframework.vault:spring-vault-core:3.1.1") {
     exclude group: "org.springframework",module: "spring-core"
   }
-  implementation "com.squareup.okhttp3:okhttp:4.12.0"
+  implementation "com.squareup.okhttp3:okhttp:3.14.9"
 
   implementation "org.springframework:spring-orm:$springVersion"
   testImplementation "org.springframework:spring-test:$springVersion"
diff --git a/security/build.gradle b/security/build.gradle
index e563fd8e0..7e836700b 100644
--- a/security/build.gradle
+++ b/security/build.gradle
@@ -2,6 +2,12 @@ plugins {
   id "java-library"
 }
 
+configurations.all {
+  resolutionStrategy {
+    force 'org.bouncycastle:bcprov-jdk18on:1.78'
+  }
+}
+
 dependencies {
   implementation project(":config")
   implementation project(":shared")