pluginManagement { repositories { maven { url 'https://repo.spring.io/milestone' } maven { url 'https://repo.spring.io/snapshot' } gradlePluginPortal() mavenCentral() } } plugins { id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0' } dependencyResolutionManagement { components { all { allVariants { withDependencies { removeAll { // Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3 // which contains a severe vulnerability. // Here we remove this transient dependency and in build.gradle // we add an explicit dependency to snakeyaml 2.2, // which does not have this vulnerability anymore. // // TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude // is still neccessary. If not: // Remove it // as well as the related explicit dependency in build.gradle // and the dependency suppression in owasp-dependency-check-suppression.xml. it.module in [ 'snakeyaml' ] } } } } } } rootProject.name = 'hsadmin-ng'