Fix SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276, update google-api-client

Snyk rates this as a high-severity issue: https://app.snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 > Remediation > Upgrade com.google.oauth-client:google-oauth-client to version 1.31.0 > or higher. Note that we had a prior PR in `play-googleauth` to fix this issue: #77 - but although it was titled "Update google-oauth-client to v1.31.0", that's at odds with the actual change in that PR, which only updated the library to v1.30.10: https://github.com/guardian/play-googleauth/blob/f8422fed4f244f13a653d1f98ecbf2cd538d2ebc/project/Dependencies.scala#L48 As far as SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 goes, the commit for that was googleapis/google-oauth-java-client@13433cd7, which indeed was only initially released with v1.31.0.
guardian · Nov 28, 2020 · 4589b93 · 4589b93
1 parent 04cefaa
commit 4589b93
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/play-v27/src/main/scala/com/gu/googleauth/groups.scala b/play-v27/src/main/scala/com/gu/googleauth/groups.scala
@@ -5,7 +5,7 @@ import java.security.PrivateKey
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport
 import com.google.api.client.json.jackson2.JacksonFactory
-import com.google.api.services.admin.directory.{Directory, DirectoryScopes}
+import com.google.api.services.directory.{Directory, DirectoryScopes}
 
 import scala.collection.JavaConverters._
 import scala.concurrent._

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -44,9 +44,9 @@ object Dependencies {
     * @see https://github.com/guardian/subscriptions-frontend/pull/363#issuecomment-186190081
     */
   val googleDirectoryAPI = Seq(
-    "com.google.apis" % "google-api-services-admin-directory" % "directory_v1-rev118-1.25.0" exclude("com.google.guava", "guava-jdk5"),
-    "com.google.api-client" % "google-api-client" % "1.30.10", // Required as it fixes https://github.com/googleapis/google-api-java-client/issues/1487
-    "com.google.guava" % "guava" % "25.0-jre"
+    "com.google.apis" % "google-api-services-admin-directory" % "directory_v1-rev20191003-1.30.8" exclude("com.google.guava", "guava-jdk5"),
+    "com.google.api-client" % "google-api-client" % "1.31.1", // https://app.snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
+    "com.google.guava" % "guava" % "30.0-jre"
   )
 
 }