Merge pull request eclipse-tractusx#60 from smartSenseSolutions/featu…

…res/java-did-web fix: Veracode finding for CVE-2023-24998
cpomorska · Jul 18, 2023 · f3ebc75 · f3ebc75
2 parents c2540de + 5ac9f2d
commit f3ebc75
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -3,6 +3,8 @@ plugins {
 	id 'org.springframework.boot' version "${springBootVersion}"
 	id 'io.spring.dependency-management' version "${springDependencyVersion}"
 	id "jacoco"
+	id 'project-report'
+
 }
 
 group = "${groupName}"
@@ -53,6 +55,10 @@ dependencies {
 	//Added explicitly to mitigate CVE 2022-1471
 	implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0'
 
+	//Added explicitly to mitigate CVE 2023-24998
+	implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
+
+
 	testImplementation 'org.projectlombok:lombok:1.18.28'
 	runtimeOnly 'org.postgresql:postgresql'
 	compileOnly 'org.projectlombok:lombok'
@@ -88,6 +94,10 @@ test {
 	finalizedBy jacocoTestReport
 }
 
+htmlDependencyReport {
+	projects = project.allprojects
+}
+
 jacocoTestReport {
 	dependsOn test