Merge pull request #7 from wiremock/fix-vulns

chore: Fix transitive vulnerability in jackson
wiremock · Sep 13, 2024 · 6ed66f7 · 6ed66f7
2 parents 56bac09 + f3713d1
commit 6ed66f7
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -62,6 +62,12 @@ dependencies {
   implementation "org.bitbucket.b_c:jose4j:$versions.jose4j"
   implementation 'org.apache.commons:commons-lang3:3.17.0'
   implementation 'commons-codec:commons-codec:1.17.1'
+
+  constraints {
+    implementation('com.fasterxml.jackson.core:jackson-core:2.15.0') {
+      because 'version 2.14.2 brought in transitively by com.auth0:[email protected] has CWE-400'
+    }
+  }
 }
 
 shadowJar {