fix vulnerability CVE-2022-1471 by forcing snakeyaml 2.2

2024-01-04 09:10:20 +01:00
parent 73f147c557
commit 4c44f42b79
3 changed files with 37 additions and 2 deletions
--- a/settings.gradle
+++ b/settings.gradle
@@ -7,4 +7,21 @@ pluginManagement {
    }
 }

+dependencyResolutionManagement {
+    components {
+        all {
+            allVariants {
+                withDependencies {
+                    removeAll {
+                        // TODO: Remove this transient dependency exclude once we are on SpringBoot 3.2.x
+                        // as well as the related explicit dependency in build.gradle
+                        // and the dependency suppression in owasp-dependency-check-suppression.xml.
+                        it.module in [ 'snakeyaml' ]
+                    }
+                }
+            }
+        }
+    }
+}
+
 rootProject.name = 'hsadmin-ng'