From e0876bc1fbb602adc4ca82fbefe0ec81058ed466 Mon Sep 17 00:00:00 2001
From: Nico Koprowski <nico.koprowski@mercedes-benz.com>
Date: Mon, 13 Mar 2023 09:20:15 +0100
Subject: [PATCH] feat(App): override snakeyaml dependency version

- Forced usage of snakeyaml 2.0 mitigates security issue CVE-2022-1471
---
 pom.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pom.xml b/pom.xml
index 9f5031247..787ff9bb2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,6 +109,12 @@
                 <artifactId>kotlin-logging-jvm</artifactId>
                 <version>${kotlinlogging.version}</version>
             </dependency>
+            <!-- Override snakeyaml version used by transitive dependencies due to security issue -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>2.0</version>
+            </dependency>
             <dependency>
                 <groupId>com.github.tomakehurst</groupId>
                 <artifactId>wiremock-jre8-standalone</artifactId>