From 25e8bfb35286744c40922b06d3a6b8beb812a543 Mon Sep 17 00:00:00 2001
From: David An <davidan@broadinstitute.org>
Date: Tue, 12 Mar 2024 17:22:33 -0400
Subject: [PATCH] update to latest workbench-libs and remove jose4j override

---
 project/Dependencies.scala | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 192a5ab5d..b934b5b03 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -6,7 +6,7 @@ object Dependencies {
   val jacksonV = "2.13.5"
   val jacksonHotfixV = "2.13.5" // for when only some of the Jackson libs have hotfix releases
   val nettyV = "4.1.107.Final"
-  val workbenchLibsHash = "8ccaa6d" // see https://github.com/broadinstitute/workbench-libs readme for hash values
+  val workbenchLibsHash = "1c0cf92" // see https://github.com/broadinstitute/workbench-libs readme for hash values
 
   def excludeGuava(m: ModuleID): ModuleID = m.exclude("com.google.guava", "guava")
   val excludeAkkaActor =        ExclusionRule(organization = "com.typesafe.akka", name = "akka-actor_2.13")
@@ -23,8 +23,6 @@ object Dependencies {
     "com.fasterxml.jackson.core" % "jackson-databind" % jacksonHotfixV,
     "com.fasterxml.jackson.core" % "jackson-core" % jacksonV,
     "org.yaml" % "snakeyaml" % "1.33",
-    // workbench-google2 has jose4j as a dependency; directly updating to a non-vulnerable version until workbench-google2 updates
-    "org.bitbucket.b_c" % "jose4j" % "0.9.3",
     "io.grpc" % "grpc-xds" % "1.56.1",
     // workbench-google2 has bouncycastle as a dependency; directly updating to a non-vulnerable version until workbench-google2 updates
     "org.bouncycastle" % "bcprov-jdk18on" % "1.74"
@@ -53,7 +51,7 @@ object Dependencies {
       exclude("bio.terra", "workspace-manager-client")
       excludeAll(excludeAkkaHttp, excludeSprayJson),
     excludeGuava("org.broadinstitute.dsde.workbench" %% "workbench-util"  % s"0.10-$workbenchLibsHash"),
-    "org.broadinstitute.dsde.workbench" %% "workbench-google2" % s"0.35-$workbenchLibsHash",
+    "org.broadinstitute.dsde.workbench" %% "workbench-google2" % s"0.36-$workbenchLibsHash",
     "org.broadinstitute.dsde.workbench" %% "workbench-oauth2" % s"0.5-$workbenchLibsHash",
     "org.broadinstitute.dsde.workbench" %% "sam-client"       % "0.1-ef83073",
     "org.broadinstitute.dsde.workbench" %% "workbench-notifications" %s"0.6-$workbenchLibsHash",