addressed CVE-2022-31183 by patching fs2 (#150)

salamonpavel · web-flow · commit 93d16197d73c · 2025-12-18T12:35:16.000+01:00
diff --git a/build.sbt b/build.sbt
@@ -51,7 +51,10 @@ lazy val commonSettings = Seq(
   scalacOptions ++= commonScalacOptions,
   Test / parallelExecution := false,
   (Compile / compile) := ((Compile / compile) dependsOn printScalaVersion).value, // printScalaVersion is run with compile
-  jacocoExcludes := commonJacocoExcludes
+  jacocoExcludes := commonJacocoExcludes,
+  // to mitigate CVE-2022-31183
+  dependencyOverrides += "co.fs2" %% "fs2-core" % "3.2.11",
+  dependencyOverrides += "co.fs2" %% "fs2-io"   % "3.2.11",
 )
 
 lazy val parent = (project in file("."))
diff --git a/project/plugins.sbt b/project/plugins.sbt
@@ -41,3 +41,5 @@ addSbtPlugin("za.co.absa.sbt" % "sbt-jacoco" % "3.4.1-absa.4" from "https://gith
 addSbtPlugin("com.thoughtworks.sbt-api-mappings" % "sbt-api-mappings" % "3.0.2")
 
 addSbtPlugin("io.github.davidmweber" % "flyway-sbt" % "7.4.0")
+
+addDependencyTreePlugin
