spring-boot-3-2-upgrade (#32)

Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/32 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
2024-04-02 13:24:25 +02:00
parent ad04faa21d
commit 73c378b456
25 changed files with 62 additions and 198 deletions
--- a/settings.gradle
+++ b/settings.gradle
@@ -11,28 +11,4 @@ plugins {
    id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
 }

-dependencyResolutionManagement {
-    components {
-        all {
-            allVariants {
-                withDependencies {
-                    removeAll {
-                        // Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
-                        // which contains a severe vulnerability.
-                        // Here we remove this transient dependency and in build.gradle
-                        // we add an explicit dependency to snakeyaml 2.2,
-                        // which does not have this vulnerability anymore.
-                        //
-                        // TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
-                        // is still neccessary. If not:
-                        // Remove it // as well as the related explicit dependency in build.gradle
-                        // and the dependency suppression in owasp-dependency-check-suppression.xml.
-                        it.module in [ 'snakeyaml' ]
-                    }
-                }
-            }
-        }
-    }
-}
-
 rootProject.name = 'hsadmin-ng'