From fd96bfffb231f40a9829e49cf2584fd0dcda531b Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 2 Sep 2022 08:58:15 +0200
Subject: [PATCH] fix security vulnerability in snakeyaml
---
 build.gradle | 4 ++++
 gradle.properties | 1 +
 2 files changed, 5 insertions(+)
diff --git a/build.gradle b/build.gradle
index 52519dfb..8a8a5a7f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -135,6 +135,10 @@ dependencyCheck {
 failBuildOnCVSS = 7
 }
 project.tasks.check.dependsOn(dependencyCheckAnalyze)
+project.tasks.dependencyCheckAnalyze.doFirst { // doLast is not executed on exception, thus when we need it
+ println "OWASP Dependency Security Report: file:///${project.rootDir}/build/reports/dependency-check-report.html"
+}
+
 
 // License Check
 licenseReport {
diff --git a/gradle.properties b/gradle.properties
index db7cb96e..852baf23 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,7 @@
 # Spring BOM overrides
 postgresql.version = 42.4.1
+snakeyaml.version = 1.31
 # TODO: can be removed if all dependencies are JDK 16 compliant
 org.gradle.jvmargs= \
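Review bot: The report link printed by the new `doFirst` block in build.gradle is assembled by hand as `file:///${project.rootDir}/build/...`, so on Unix it comes out with four slashes (rootDir is already absolute), on Windows it carries backslashes, and it points at the wrong place if the build directory is ever reconfigured. Deriving it from the build directory keeps the link on the report the failed check actually wrote: `println "OWASP Dependency Security Report: ${file("$buildDir/reports/dependency-check-report.html").toURI()}"`. Because the line is printed before the analysis runs, it also appears on runs where the file is stale or not yet written, so wording such as "will be written to" would avoid someone triaging an old report. The trailing comment is hard to parse; `// doFirst: doLast is skipped when the analysis fails the build, which is exactly when the report is needed` says the same thing plainly.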