From 06ee7f99d3ce64c98e9c9d88de9324b8e95f847e Mon Sep 17 00:00:00 2001
From: Mohammad Iqbal <mohammad.iqbal27@nhs.net>
Date: Fri, 5 Jan 2024 14:20:05 +0000
Subject: [PATCH] [PRMT-4325] - Added snakeyaml as a dependency constraint

---
 build.gradle | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index c279feb..3a7189b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -28,8 +28,12 @@ jar {
 }
 
 dependencies {
-    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'org.springframework.boot:spring-boot-starter'
+    constraints {
+        implementation('org.yaml:snakeyaml:2.2') {
+            because 'snakeyaml < 2.0 is vulnerable'
+        }
+    }
     implementation 'org.springframework.boot:spring-boot-starter-web'