
Commit 688839b

committed
build(gradle): bump deps to fix the vulnerabilities
1 parent 56c4f54 commit 688839b


1 file changed

+15
-15
lines changed


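--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ plugins {
 id 'io.spring.dependency-management' version '1.1.7'
 id 'jacoco'
 id 'info.solidsoft.pitest' version '1.15.0'
-id "org.owasp.dependencycheck" version "12.1.1"
+id "org.owasp.dependencycheck" version "12.1.3"
 }
 
 String buildId = project.hasProperty('buildId') ? project['buildId'] : 'DEV'
@@ -28,7 +28,7 @@ ext {
 lombokVersion = "1.18.38"
 wireMockVersion = "3.12.1"
 ioCucumberVersion = "7.22.0"
-springDocVersion = "2.8.6"
+springDocVersion = "2.8.12"
 jacocoVersion = "0.8.9"
 junitVintage = "5.12.1"
 }
@@ -59,19 +59,19 @@ dependencies {
 *https://docs.gradle.org/current/userguide/dependency_management.html#sec:module_substitution
 * Example 109. Example: Blacklisting a version with a replacement
 */
-// configurations.all {
-// /***
-// * This is how we can exclude transient dependencies
-// * exclude group: "com.google.guava", module: "guava"
-// */
-// // Replacing a transient dependency to a higher version for fixing vulnerabilities
-// resolutionStrategy.eachDependency { DependencyResolveDetails details ->
-// if (details.requested.group == 'org.yaml' && details.requested.name == 'snakeyaml' && details.requested.version == '1.33') {
-// details.useVersion '2.0'
-// details.because 'Fixes vulnerability in prior snakeyaml versions'
-// }
-// }
-// }
+configurations.all {
+/***
+* This is how we can exclude transient dependencies
+* EXAMPLE - exclude group: "com.google.guava", module: "guava"
+*/
+// Replacing a transient dependency to a higher version for fixing vulnerabilities
+resolutionStrategy.eachDependency { DependencyResolveDetails details ->
+if (details.requested.group == 'org.apache.commons' && details.requested.name == 'commons-lang3' && details.requested.version == '3.17.0') {
+details.useVersion '3.18.0'
+details.because 'Fixes vulnerability in prior commons-lang3 versions'
+}
+}
+}
 }
 
 // Property can be passed along with test task to avoid execution of e2e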
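Review bot: The override at new lines 69–70 fires only when the requested version is exactly `3.17.0`, so any other pre-3.18.0 commons-lang3 requested transitively is left as it is, and the rule silently stops matching once the upstream version moves. Setting a floor is sturdier than matching one string: if 3.17.0 comes from a BOM managed through the `io.spring.dependency-management` plugin declared in `plugins {}` (not visible here, so an assumption), override the managed version with `ext['commons-lang3.version'] = '3.18.0'`; otherwise add `implementation('org.apache.commons:commons-lang3:3.18.0') { because '<ADVISORY-ID> flagged by dependency-check' }` inside a `constraints { }` block. The `because` text should name the advisory that the dependency-check report raised instead of the generic 'Fixes vulnerability in prior commons-lang3 versions', so the override can be traced and removed once it is no longer needed. Going by the hunk header, `configurations.all` sits inside `dependencies { }`, whose opening is outside the hunk; declaring it at top level would make clear that it applies to every configuration.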
