chore: Fix transitive vulnerability in jackson

Set the minimum version to 2.15.0. Version 2.14.2 brought in transitively by com.auth0:[email protected] has CWE-400. A gradle constraint does not fix the version, just sets a minimum version: https://www.linen.dev/s/gradle-community/t/22694678/hi-snyk-has-revealed-that-some-deeply-nested-transitive-depe#e46476e5-70e1-49a7-a72f-fa5453374e42
wiremock · Sep 13, 2024 · f3713d1 · f3713d1
1 parent 56bac09
commit f3713d1
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -62,6 +62,12 @@ dependencies {
   implementation "org.bitbucket.b_c:jose4j:$versions.jose4j"
   implementation 'org.apache.commons:commons-lang3:3.17.0'
   implementation 'commons-codec:commons-codec:1.17.1'
+
+  constraints {
+    implementation('com.fasterxml.jackson.core:jackson-core:2.15.0') {
+      because 'version 2.14.2 brought in transitively by com.auth0:[email protected] has CWE-400'
+    }
+  }
 }
 
 shadowJar {