hs.hsadmin.ng/settings.gradle

39 lines
1.4 KiB
Groovy
Raw Normal View History

2022-10-28 15:57:06 +02:00
pluginManagement {
repositories {
maven { url 'https://repo.spring.io/milestone' }
maven { url 'https://repo.spring.io/snapshot' }
gradlePluginPortal()
mavenCentral()
}
}
plugins {
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
}
dependencyResolutionManagement {
components {
all {
allVariants {
withDependencies {
removeAll {
2024-01-05 11:07:34 +01:00
// Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
// which contains a severe vulnerability.
// Here we remove this transient dependency and in build.gradle
// we add an explicit dependency to snakeyaml 2.2,
// which does not have this vulnerability anymore.
//
// TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
// is still neccessary. If not:
// Remove it // as well as the related explicit dependency in build.gradle
// and the dependency suppression in owasp-dependency-check-suppression.xml.
it.module in [ 'snakeyaml' ]
}
}
}
}
}
}
rootProject.name = 'hsadmin-ng'