spring-boot-3-2-upgrade #32
11
build.gradle
11
build.gradle
@ -71,17 +71,6 @@ dependencies {
|
|||||||
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
|
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
|
||||||
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
|
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
|
||||||
|
|
||||||
// fixes vulnerability CVE-2022-1471
|
|
||||||
// The dependency usually comes from Spring Boot, just in the wrong version.
|
|
||||||
// TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
|
|
||||||
// as well as the related exclude in settings.gradle
|
|
||||||
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
|
||||||
implementation('org.yaml:snakeyaml') {
|
|
||||||
version {
|
|
||||||
strictly('2.2')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
compileOnly 'org.projectlombok:lombok'
|
compileOnly 'org.projectlombok:lombok'
|
||||||
testCompileOnly 'org.projectlombok:lombok'
|
testCompileOnly 'org.projectlombok:lombok'
|
||||||
|
|
||||||
|
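Review bot: With the `strictly('2.2')` pin removed from the `dependencies` block, nothing in build.gradle enforces a snakeyaml version free of CVE-2022-1471 any more; the version now depends entirely on what Spring Boot 3.2.x dependency management resolves. The removed TODO names three things to undo together: this pin, the exclude in settings.gradle (the second hunk on this page appears to be that one, though its file header is not visible), and the entry in owasp-dependency-check-suppression.xml, which is not among the changes shown here. I would confirm the resolved version with `./gradlew dependencyInsight --dependency snakeyaml --configuration runtimeClasspath` and remove the suppression in the same change, so the OWASP dependency check reports again if an old snakeyaml ever comes back transitively. The `dependencies` block starts and ends outside the hunk.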
@ -11,28 +11,4 @@ plugins {
|
|||||||
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
|
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
|
||||||
}
|
}
|
||||||
|
|
||||||
dependencyResolutionManagement {
|
|
||||||
components {
|
|
||||||
all {
|
|
||||||
allVariants {
|
|
||||||
withDependencies {
|
|
||||||
removeAll {
|
|
||||||
// Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
|
||||||
// which contains a severe vulnerability.
|
|
||||||
// Here we remove this transient dependency and in build.gradle
|
|
||||||
// we add an explicit dependency to snakeyaml 2.2,
|
|
||||||
// which does not have this vulnerability anymore.
|
|
||||||
//
|
|
||||||
// TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
|
|
||||||
// is still neccessary. If not:
|
|
||||||
// Remove it // as well as the related explicit dependency in build.gradle
|
|
||||||
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
|
||||||
it.module in [ 'snakeyaml' ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
rootProject.name = 'hsadmin-ng'
|
rootProject.name = 'hsadmin-ng'
|
||||||
|