From 865d2f1df9bca1b36e893f22a331780c24ca8b08 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 07:28:00 +0000
Subject: [PATCH 1/2] chore(deps): bump net.minidev:json-smart from 2.4.11 to 2.5.0
Bumps [net.minidev:json-smart](https://github.com/netplex/json-smart-v2) from 2.4.11 to 2.5.0.
- [Release notes](https://github.com/netplex/json-smart-v2/releases)
- [Commits](https://github.com/netplex/json-smart-v2/compare/2.4.11...2.5.0)
---
updated-dependencies:
- dependency-name: net.minidev:json-smart dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 build.gradle.kts | 2 +-
 edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 2563fa0aa..83f1dd213 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -71,7 +71,7 @@ allprojects {
 implementation("org.yaml:snakeyaml:2.0") {
 because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
 }
- implementation("net.minidev:json-smart:2.4.11") {
+ implementation("net.minidev:json-smart:2.5.0") {
 because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
 }
 }
diff --git a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
index c666a4fb2..4423254e6 100644
--- a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
+++ b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
@@ -27,7 +27,7 @@ dependencies {
 implementation(project(":edc-dataplane:edc-dataplane-base"))
 implementation(libs.edc.azure.vault)
 constraints {
- implementation("net.minidev:json-smart:2.4.11") {
+ implementation("net.minidev:json-smart:2.5.0") {
 because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
 }
 }
From 36dd830eccb7c9361bb895ac97575c8c00ac6c6f Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger
Date: Tue, 11 Jul 2023 09:41:28 +0200
Subject: [PATCH 2/2] update DEPENDENCIES
---
 DEPENDENCIES | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 2a98f3d44..eba0220c8 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -209,9 +209,9 @@ maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-
 maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390
 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217
 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709
-maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515
+maven/mavencentral/net.minidev/accessors-smart/2.5.0, , restricted, clearlydefined
 maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288
-maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288
+maven/mavencentral/net.minidev/json-smart/2.5.0, , restricted, clearlydefined
 maven/mavencentral/net.sf.saxon/Saxon-HE/10.6, MPL-2.0 AND W3C, approved, #7945
 maven/mavencentral/org.antlr/antlr4-runtime/4.9.3, BSD-3-Clause, approved, #322
 maven/mavencentral/org.apache.commons/commons-compress/1.23.0, Apache-2.0 AND BSD-3-Clause, approved, #7506