build.gradle

@@ -71,17 +71,6 @@ dependencies {
     implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
 
-    // fixes vulnerability CVE-2022-1471
-    // The dependency usually comes from Spring Boot, just in the wrong version.
-    // TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
-    // as well as the related exclude in settings.gradle
-    // and the dependency suppression in owasp-dependency-check-suppression.xml.
-    implementation('org.yaml:snakeyaml') {
-        version {
-            strictly('2.2')
-        }
-    }
-
     compileOnly 'org.projectlombok:lombok'
     testCompileOnly 'org.projectlombok:lombok'
 

settings.gradle

@@ -11,28 +11,4 @@ plugins {
     id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
 }
 
-dependencyResolutionManagement {
-    components {
-        all {
-            allVariants {
-                withDependencies {
-                    removeAll {
-                        // Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
-                        // which contains a severe vulnerability.
-                        // Here we remove this transient dependency and in build.gradle
-                        // we add an explicit dependency to snakeyaml 2.2,
-                        // which does not have this vulnerability anymore.
-                        //
-                        // TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
-                        // is still neccessary. If not:
-                        // Remove it // as well as the related explicit dependency in build.gradle
-                        // and the dependency suppression in owasp-dependency-check-suppression.xml.
-                        it.module in [ 'snakeyaml' ]
-                    }
-                }
-            }
-        }
-    }
-}
-
 rootProject.name = 'hsadmin-ng'