2022-10-28 15:57:06 +02:00
|
|
|
pluginManagement {
|
|
|
|
repositories {
|
|
|
|
maven { url 'https://repo.spring.io/milestone' }
|
|
|
|
maven { url 'https://repo.spring.io/snapshot' }
|
|
|
|
gradlePluginPortal()
|
|
|
|
mavenCentral()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-05 15:16:12 +01:00
|
|
|
plugins {
|
|
|
|
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
|
|
|
|
}
|
|
|
|
|
2024-01-04 09:10:20 +01:00
|
|
|
dependencyResolutionManagement {
|
|
|
|
components {
|
|
|
|
all {
|
|
|
|
allVariants {
|
|
|
|
withDependencies {
|
|
|
|
removeAll {
|
2024-01-05 11:07:34 +01:00
|
|
|
// Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
|
|
|
// which contains a severe vulnerability.
|
|
|
|
// Here we remove this transient dependency and in build.gradle
|
|
|
|
// we add an explicit dependency to snakeyaml 2.2,
|
|
|
|
// which does not have this vulnerability anymore.
|
|
|
|
//
|
|
|
|
// TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
|
|
|
|
// is still neccessary. If not:
|
|
|
|
// Remove it // as well as the related explicit dependency in build.gradle
|
2024-01-04 09:10:20 +01:00
|
|
|
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
|
|
|
it.module in [ 'snakeyaml' ]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-01 13:14:56 +02:00
|
|
|
rootProject.name = 'hsadmin-ng'
|