diff --git a/build.gradle.kts b/build.gradle.kts index 1f545aea5..d3079176c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -159,3 +159,14 @@ subprojects { } } } + +dependencies { + constraints { + implementation("org.yaml:snakeyaml:2.0") { + because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.") + } + implementation("net.minidev:json-smart:2.4.10") { + because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.") + } + } +} diff --git a/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts index 78b5e253f..5888c34c4 100644 --- a/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts +++ b/edc-controlplane/edc-controlplane-postgresql/build.gradle.kts @@ -11,11 +11,6 @@ dependencies { runtimeOnly(project(":edc-controlplane:edc-controlplane-base")) runtimeOnly(project(":edc-extensions:postgresql-migration")) runtimeOnly(edc.azure.vault) - constraints { - implementation("net.minidev:json-smart:2.4.10") { - because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.") - } - } runtimeOnly(edc.bundles.sqlstores) runtimeOnly(edc.transaction.local) runtimeOnly(edc.sql.pool) diff --git a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts index 020dc0512..02d29b7db 100644 --- a/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts +++ b/edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts @@ -8,11 +8,6 @@ plugins { dependencies { implementation(project(":edc-dataplane:edc-dataplane-base")) implementation(edc.azure.vault) - constraints { - implementation("net.minidev:json-smart:2.4.10") { - because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.") - } - } implementation(edc.azure.identity) implementation("com.azure:azure-security-keyvault-secrets:4.6.0") } diff --git a/edc-extensions/control-plane-adapter/build.gradle.kts b/edc-extensions/control-plane-adapter/build.gradle.kts index c205d5cb0..fe34a0866 100644 --- a/edc-extensions/control-plane-adapter/build.gradle.kts +++ b/edc-extensions/control-plane-adapter/build.gradle.kts @@ -8,14 +8,7 @@ plugins { dependencies { implementation(edc.spi.core) implementation(edc.spi.policy) - implementation(edc.api.management) - constraints { - implementation("org.yaml:snakeyaml:2.0") { - because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.") - } - } - implementation(edc.spi.catalog) implementation(edc.spi.transactionspi) implementation(edc.spi.transaction.datasource)