Merge pull request #214 from neicnordic/security-fix/snakeyaml_upgrade

resolve vuln #53 by upgrading snakeyaml explicitly
neicnordic · Aug 30, 2023 · 0d10b03 · 0d10b03
2 parents 9a7fe45 + 8abc780
commit 0d10b03
Showing 1 changed file with 16 additions and 11 deletions.
diff --git a/pom.xml b/pom.xml
@@ -110,27 +110,32 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-          <groupId>no.uio.ifi</groupId>
-          <artifactId>crypt4gh</artifactId>
-          <version>2.4.7</version>
+            <groupId>no.uio.ifi</groupId>
+            <artifactId>crypt4gh</artifactId>
+            <version>2.4.7</version>
             <exclusions>
-             <exclusion>
-                <groupId>org.slf4j</groupId>
-                <artifactId>slf4j-jdk14</artifactId>
-             </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-jdk14</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
             <groupId>no.uio.ifi</groupId>
             <artifactId>clearinghouse</artifactId>
             <version>1.2.1</version>
             <exclusions>
-             <exclusion>
-                <groupId>org.slf4j</groupId>
-                <artifactId>slf4j-jdk14</artifactId>
-             </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-jdk14</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>2.2</version>
+        </dependency>
     </dependencies>
 
     <repositories>