dependency upgrades and suppress an irrelevant security-vulnerability finding for jackson-databind

This commit is contained in:
Michael Hoennig 2022-10-05 06:31:53 +02:00
parent a93143ff00
commit 398f15d5de
3 changed files with 15 additions and 7 deletions


@ -1,11 +1,11 @@
plugins { plugins {
id 'java' id 'java'
id 'org.springframework.boot' version '2.7.3' id 'org.springframework.boot' version '2.7.4'
id 'io.openapiprocessor.openapi-processor' version '2022.2' id 'io.openapiprocessor.openapi-processor' version '2022.2'
id 'io.spring.dependency-management' version '1.0.13.RELEASE' id 'io.spring.dependency-management' version '1.0.14.RELEASE'
id 'com.github.jk1.dependency-license-report' version '2.1' id 'com.github.jk1.dependency-license-report' version '2.1'
id "org.owasp.dependencycheck" version "7.1.2" id "org.owasp.dependencycheck" version "7.2.1"
id "com.diffplug.spotless" version "6.10.0" id "com.diffplug.spotless" version "6.11.0"
id 'jacoco' id 'jacoco'
id 'info.solidsoft.pitest' version '1.9.0' id 'info.solidsoft.pitest' version '1.9.0'
id 'se.patrikerdes.use-latest-versions' version '0.2.18' id 'se.patrikerdes.use-latest-versions' version '0.2.18'
@ -57,7 +57,7 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springdoc:springdoc-openapi-ui:1.6.11' implementation 'org.springdoc:springdoc-openapi-ui:1.6.11'
implementation 'org.liquibase:liquibase-core' implementation 'org.liquibase:liquibase-core'
implementation 'com.vladmihalcea:hibernate-types-55:2.19.0' implementation 'com.vladmihalcea:hibernate-types-55:2.19.2'
implementation 'org.openapitools:jackson-databind-nullable:0.2.3' implementation 'org.openapitools:jackson-databind-nullable:0.2.3'
implementation 'org.modelmapper:modelmapper:3.1.0' implementation 'org.modelmapper:modelmapper:3.1.0'
@ -75,10 +75,10 @@ dependencies {
testImplementation 'org.testcontainers:testcontainers' testImplementation 'org.testcontainers:testcontainers'
testImplementation 'org.testcontainers:junit-jupiter' testImplementation 'org.testcontainers:junit-jupiter'
testImplementation 'org.testcontainers:postgresql' testImplementation 'org.testcontainers:postgresql'
testImplementation 'com.tngtech.archunit:archunit-junit5:1.0.0-rc1' testImplementation 'com.tngtech.archunit:archunit-junit5:1.0.0'
testImplementation 'io.rest-assured:spring-mock-mvc' testImplementation 'io.rest-assured:spring-mock-mvc'
testImplementation 'org.hamcrest:hamcrest-core:2.2' testImplementation 'org.hamcrest:hamcrest-core:2.2'
testImplementation 'org.pitest:pitest-junit5-plugin:1.0.0' testImplementation 'org.pitest:pitest-junit5-plugin:1.1.0'
} }
dependencyManagement { dependencyManagement {


@ -7,4 +7,11 @@
<packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl> <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
<cve>CVE-2016-1000027</cve> <cve>CVE-2016-1000027</cve>
</suppress> </suppress>
<suppress>
<notes><![CDATA[
We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2022-42003</cve>
</suppress>
</suppressions> </suppressions>
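Review bot: The new jackson-databind suppression has no expiry, and its packageUrl regex `jackson\-databind@.*$` matches every version, so CVE-2022-42003 stays hidden even after the dependency is later moved to a release that fixes it; the dependency-check suppression schema supports `<suppress until="...">`, and giving this entry a review date, e.g. `<suppress until="YYYY-MM-DD">` with a real date a few months out, would force the justification to be re-checked. The justification itself ("We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature") is a one-off statement that can silently become false when ObjectMapper configuration changes; naming in the notes where the ObjectMapper configuration lives, or adding a test that asserts the feature is disabled, would make the suppression verifiable rather than trusted. The enclosing `<suppressions>` element starts outside the hunk.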


@ -2,6 +2,7 @@
# Spring BOM overrides # Spring BOM overrides
postgresql.version = 42.4.1 postgresql.version = 42.4.1
snakeyaml.version = 1.32 snakeyaml.version = 1.32
jackson-databind = 2.13.4
# TODO: can be removed if all dependencies are JDK 16 compliant, check with `gw clean check` # TODO: can be removed if all dependencies are JDK 16 compliant, check with `gw clean check`
# and check output for "cannot access class ... because module jdk.compiler does not export ..." # and check output for "cannot access class ... because module jdk.compiler does not export ..."
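Review bot: The added override `jackson-databind = 2.13.4` does not follow the `<artifact>.version` naming used by the surrounding entries, and Spring Boot's dependency management keys the Jackson version on `jackson-bom.version`, so this line most likely overrides nothing. Changing it to `jackson-bom.version = 2.13.4` would actually pin the Jackson artifacts; whether any override is still needed once Spring Boot 2.7.4 (bumped in the same commit) supplies its own Jackson BOM should be confirmed from the resolved dependency report. If the line is intentionally a no-op placeholder, a comment saying so would stop the next reader from relying on it.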