From 79ef411b95918dc930849469e6a173ba90c8ffa4 Mon Sep 17 00:00:00 2001
From: "Tuncay Tunc (ZF Friedrichshafen AG)"
Date: Mon, 24 Apr 2023 09:01:44 +0200
Subject: [PATCH 1/2] Centralize dependencies constrains
---
 build.gradle.kts | 11 +++++++++++
 .../edc-controlplane-postgresql/build.gradle.kts | 5 -----
 .../edc-dataplane-azure-vault/build.gradle.kts | 5 -----
 edc-extensions/control-plane-adapter/build.gradle.kts | 7 -------
 4 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 1f545aea5..401820669 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -159,3 +159,14 @@ subprojects {
 }
 }
 }
+
+dependencies {
+ constraints {
+ implementation("org.yaml:snakeyaml:2.0") {
+ because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
+ }
+ implementation("net.minidev:json-smart:2.4.10") {
+ because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
+ }
+ }
+}
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts
index 78b5e253f..5888c34c4 100644
--- a/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts
+++ b/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts
@@ -11,11 +11,6 @@ dependencies {
 runtimeOnly(project(":edc-controlplane:edc-controlplane-base"))
 runtimeOnly(project(":edc-extensions:postgresql-migration"))
 runtimeOnly(edc.azure.vault)
- constraints {
- implementation("net.minidev:json-smart:2.4.10") {
- because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
- }
- }
 runtimeOnly(edc.bundles.sqlstores)
 runtimeOnly(edc.transaction.local)
 runtimeOnly(edc.sql.pool)
diff --git a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
index 020dc0512..02d29b7db 100644
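Review bot: The `dependencies { constraints { … } }` block is added at the top level of the root build script, after the braces that close `subprojects { … }`, so it constrains only the root project's `implementation` configuration; Gradle does not apply a root project's constraints to its subprojects. The other hunks of this patch delete the per-module pins in edc-controlplane-postgresql, edc-dataplane-azure-vault and control-plane-adapter, so unless something outside this diff pins them, those modules can resolve transitive snakeyaml and json-smart without the minimum versions the `because(...)` texts ask for (CVE-2022-1471, CVE-2023-1370). I would declare the constraints where every module picks them up, for example inside the existing `subprojects { … }` closure, whose start is outside this hunk, or in a shared platform project. Either way, run `dependencyInsight --dependency snakeyaml --configuration runtimeClasspath` (and the same for json-smart) in the three modules to confirm the resolved versions before merging.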
--- a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
+++ b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
@@ -8,11 +8,6 @@ plugins {
 dependencies {
 implementation(project(":edc-dataplane:edc-dataplane-base"))
 implementation(edc.azure.vault)
- constraints {
- implementation("net.minidev:json-smart:2.4.10") {
- because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
- }
- }
 implementation(edc.azure.identity)
 implementation("com.azure:azure-security-keyvault-secrets:4.6.0")
 }
diff --git a/edc-extensions/control-plane-adapter/build.gradle.kts b/edc-extensions/control-plane-adapter/build.gradle.kts
index c205d5cb0..fe34a0866 100644
--- a/edc-extensions/control-plane-adapter/build.gradle.kts
+++ b/edc-extensions/control-plane-adapter/build.gradle.kts
@@ -8,14 +8,7 @@ plugins { dependencies { implementation(edc.spi.core) implementation(edc.spi.policy) - implementation(edc.api.management) - constraints { - implementation("org.yaml:snakeyaml:2.0") { - because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.") - } - } - implementation(edc.spi.catalog) implementation(edc.spi.transactionspi) implementation(edc.spi.transaction.datasource)
From 16e9ced671e1d3cf6d61d5c0f806c8c73924daea Mon Sep 17 00:00:00 2001
From: "Tuncay Tunc (ZF Friedrichshafen AG)" <100704677+tuncaytunc-zf@users.noreply.github.com>
Date: Mon, 24 Apr 2023 09:09:16 +0200
Subject: [PATCH 2/2] Update build.gradle.kts
Co-authored-by: Florian Rusch (ZF Friedrichshafen AG)
---
 build.gradle.kts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 401820669..d3079176c 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -169,4 +169,4 @@ dependencies {
 because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
 }
 }
-}
\ No newline at end of file
+}