Update snakeyaml (CVE-2022-1471)

https://github.com/digitalservicebund/java-application-template/security/code-scanning/62
digitalservicebund · Aug 9, 2023 · 0ab1204 · 0ab1204
1 parent 4e83cd8
commit 0ab1204
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/.talismanrc b/.talismanrc
@@ -4,4 +4,4 @@ allowed_patterns:
   - https://github.com/jk1/Gradle-License-Report/blob/7cf695c38126b63ef9e907345adab84dfa92ea0e/src/main/resources/default-license-normalizer-bundle.json
 fileignoreconfig:
 - filename: build.gradle.kts
-  checksum: 9bc3c26452df16f3bbd0deba8790fbf4a123d7b202738c657762611dbd371482
+  checksum: 0b4fb42cd6bdf5d492e3077645250e6d57a2ea7909f9d8c49151c76c3d8673db
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -38,6 +38,9 @@ dependencies {
     implementation(libs.spring.boot.starter.security)
     implementation(libs.spring.boot.starter.webflux)
 
+    // CVE-2022-1471
+    implementation(libs.snakeyaml)
+
     compileOnly(libs.lombok)
 
     developmentOnly(libs.spring.boot.devtools)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -8,6 +8,7 @@ archunit-junit5 = "com.tngtech.archunit:archunit-junit5:1.0.1"
 lombok = { module = "org.projectlombok:lombok" }
 mockito-junit-jupiter = "org.mockito:mockito-junit-jupiter:5.4.0"
 reactor-test = { module = "io.projectreactor:reactor-test" }
+snakeyaml = "org.yaml:snakeyaml:2.1"
 spring-boot-devtools = { module = "org.springframework.boot:spring-boot-devtools" }
 spring-boot-starter-actuator = { module = "org.springframework.boot:spring-boot-starter-actuator" }
 spring-boot-starter-security = { module = "org.springframework.boot:spring-boot-starter-security" }