remove version workarounds which are not necessary anymore
This commit is contained in:
parent
e5c01e70f5
commit
f29dc80074
11
build.gradle
11
build.gradle
@ -71,17 +71,6 @@ dependencies {
|
||||
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
|
||||
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
|
||||
|
||||
// fixes vulnerability CVE-2022-1471
|
||||
// The dependency usually comes from Spring Boot, just in the wrong version.
|
||||
// TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
|
||||
// as well as the related exclude in settings.gradle
|
||||
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
||||
implementation('org.yaml:snakeyaml') {
|
||||
version {
|
||||
strictly('2.2')
|
||||
}
|
||||
}
|
||||
|
||||
compileOnly 'org.projectlombok:lombok'
|
||||
testCompileOnly 'org.projectlombok:lombok'
|
||||
|
||||
|
@ -11,28 +11,4 @@ plugins {
|
||||
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
|
||||
}
|
||||
|
||||
dependencyResolutionManagement {
|
||||
components {
|
||||
all {
|
||||
allVariants {
|
||||
withDependencies {
|
||||
removeAll {
|
||||
// Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
||||
// which contains a severe vulnerability.
|
||||
// Here we remove this transient dependency and in build.gradle
|
||||
// we add an explicit dependency to snakeyaml 2.2,
|
||||
// which does not have this vulnerability anymore.
|
||||
//
|
||||
// TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
|
||||
// is still neccessary. If not:
|
||||
// Remove it // as well as the related explicit dependency in build.gradle
|
||||
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
||||
it.module in [ 'snakeyaml' ]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
rootProject.name = 'hsadmin-ng'
|
||||
|
Loading…
Reference in New Issue
Block a user