build(deps): Move Gradle dependencies constrains into root build.grad…

…le.kts (#273) Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com>
eclipse-tractusx · May 4, 2023 · 8b4e3c8 · 8b4e3c8
1 parent 8c6e842
commit 8b4e3c8
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 17 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -159,3 +159,14 @@ subprojects {
         }
     }
 }
+
+dependencies {
+    constraints {
+        implementation("org.yaml:snakeyaml:2.0") {
+            because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
+        }
+        implementation("net.minidev:json-smart:2.4.10") {
+            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
+        }
+    }
+}
diff --git a/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts
@@ -11,11 +11,6 @@ dependencies {
     runtimeOnly(project(":edc-controlplane:edc-controlplane-base"))
     runtimeOnly(project(":edc-extensions:postgresql-migration"))
     runtimeOnly(edc.azure.vault)
-    constraints {
-        implementation("net.minidev:json-smart:2.4.10") {
-            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
-        }
-    }
     runtimeOnly(edc.bundles.sqlstores)
     runtimeOnly(edc.transaction.local)
     runtimeOnly(edc.sql.pool)

diff --git a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts
@@ -8,11 +8,6 @@ plugins {
 dependencies {
     implementation(project(":edc-dataplane:edc-dataplane-base"))
     implementation(edc.azure.vault)
-    constraints {
-        implementation("net.minidev:json-smart:2.4.10") {
-            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
-        }
-    }
     implementation(edc.azure.identity)
     implementation("com.azure:azure-security-keyvault-secrets:4.6.0")
 }

diff --git a/edc-extensions/control-plane-adapter/build.gradle.kts b/edc-extensions/control-plane-adapter/build.gradle.kts
@@ -8,14 +8,7 @@ plugins {
 dependencies {
     implementation(edc.spi.core)
     implementation(edc.spi.policy)
-
     implementation(edc.api.management)
-    constraints {
-        implementation("org.yaml:snakeyaml:2.0") {
-            because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
-        }
-    }
-
     implementation(edc.spi.catalog)
     implementation(edc.spi.transactionspi)
     implementation(edc.spi.transaction.datasource)