hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

fix vulnerability CVE-2022-1471 by forcing snakeyaml 2.2

Browse Source
This commit is contained in:
Michael Hoennig
2024-01-04 09:10:20 +01:00
parent 73f147c557
commit 4c44f42b79
3 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
build.gradle
View File

@ -50,8 +50,6 @@ ext {
set('testcontainersVersion', "1.17.3")
}
// wrapper
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-data-rest'
@ -71,6 +69,17 @@ dependencies {
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
// fixes vulnerability CVE-2022-1471
// The dependency usually comes from Spring Boot, just in the wrong version.
// TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
// as well as the related exclude in settings.gradle
// and the dependency suppression in owasp-dependency-check-suppression.xml.
implementation('org.yaml:snakeyaml') {
version {
strictly('2.2')
}
}
compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok'