Michael Hoennig
0f71c6a88d
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: #7 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
39 lines
1.4 KiB
Groovy
39 lines
1.4 KiB
Groovy
pluginManagement {
|
|
repositories {
|
|
maven { url 'https://repo.spring.io/milestone' }
|
|
maven { url 'https://repo.spring.io/snapshot' }
|
|
gradlePluginPortal()
|
|
mavenCentral()
|
|
}
|
|
}
|
|
|
|
plugins {
|
|
id 'org.gradle.toolchains.foojay-resolver-convention' version '0.7.0'
|
|
}
|
|
|
|
dependencyResolutionManagement {
|
|
components {
|
|
all {
|
|
allVariants {
|
|
withDependencies {
|
|
removeAll {
|
|
// Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
|
// which contains a severe vulnerability.
|
|
// Here we remove this transient dependency and in build.gradle
|
|
// we add an explicit dependency to snakeyaml 2.2,
|
|
// which does not have this vulnerability anymore.
|
|
//
|
|
// TODO: Check Once we are on SpringBoot 3.2.x, check if this exclude
|
|
// is still neccessary. If not:
|
|
// Remove it // as well as the related explicit dependency in build.gradle
|
|
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
|
it.module in [ 'snakeyaml' ]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
rootProject.name = 'hsadmin-ng'
|