feat(App): override snakeyaml dependency version

- Forced usage of snakeyaml 2.0 mitigates security issue CVE-2022-1471
eclipse-tractusx · Mar 13, 2023 · e0876bc · e0876bc
1 parent 29a6494
commit e0876bc
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -109,6 +109,12 @@
                 <artifactId>kotlin-logging-jvm</artifactId>
                 <version>${kotlinlogging.version}</version>
             </dependency>
+            <!-- Override snakeyaml version used by transitive dependencies due to security issue -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>2.0</version>
+            </dependency>
             <dependency>
                 <groupId>com.github.tomakehurst</groupId>
                 <artifactId>wiremock-jre8-standalone</artifactId>