diff options
| author | Ryan Lewis <ryan@rlew.io> | 2022-11-10 08:01:34 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-10 09:01:34 +0100 |
| commit | 7c3b40397d5b5922f7ac03d1153163011b988610 (patch) | |
| tree | 03e1c2e77d9919a6c88347a5a531918763fb0b7f | |
| parent | 631934363a02e06b5f7dcb7a8141223c6363f2bb (diff) | |
| download | dokka-7c3b40397d5b5922f7ac03d1153163011b988610.tar.gz dokka-7c3b40397d5b5922f7ac03d1153163011b988610.tar.bz2 dokka-7c3b40397d5b5922f7ac03d1153163011b988610.zip | |
Introduce jackson-databind constraint for 2.12.7.1 (#2733)
Fixes CVE-2022-42003
| -rw-r--r-- | core/build.gradle.kts | 6 | ||||
| -rw-r--r-- | gradle.properties | 2 | ||||
| -rw-r--r-- | plugins/all-modules-page/build.gradle.kts | 6 | ||||
| -rw-r--r-- | plugins/base/build.gradle.kts | 6 | ||||
| -rw-r--r-- | plugins/gfm/build.gradle.kts | 6 | ||||
| -rw-r--r-- | plugins/templating/build.gradle.kts | 6 | ||||
| -rw-r--r-- | plugins/versioning/build.gradle.kts | 6 |
7 files changed, 38 insertions, 0 deletions
diff --git a/core/build.gradle.kts b/core/build.gradle.kts index 97b89976..41db29d3 100644 --- a/core/build.gradle.kts +++ b/core/build.gradle.kts @@ -15,6 +15,12 @@ dependencies { val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } val coroutines_version: String by project implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutines_version") diff --git a/gradle.properties b/gradle.properties index 5483dc4b..cd86cf40 100644 --- a/gradle.properties +++ b/gradle.properties @@ -11,6 +11,8 @@ idea_version=213.6777.52 language_version=1.4 # jackson 2.13.X does not support kotlin language version 1.4, check before updating jackson_version=2.12.7 +# fixes CVE-2022-42003 +jackson_databind_version=2.12.7.1 freemarker_version=2.3.31 # Code style kotlin.code.style=official diff --git a/plugins/all-modules-page/build.gradle.kts b/plugins/all-modules-page/build.gradle.kts index f993d45c..a690e077 100644 --- a/plugins/all-modules-page/build.gradle.kts +++ b/plugins/all-modules-page/build.gradle.kts @@ -18,6 +18,12 @@ dependencies { implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutines_version") val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } val kotlinx_html_version: String by project implementation("org.jetbrains.kotlinx:kotlinx-html-jvm:$kotlinx_html_version") diff --git a/plugins/base/build.gradle.kts b/plugins/base/build.gradle.kts index 91684ece..93348ed7 100644 --- a/plugins/base/build.gradle.kts +++ b/plugins/base/build.gradle.kts @@ -11,6 +11,12 @@ dependencies { val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } val freemarker_version: String by project implementation("org.freemarker:freemarker:$freemarker_version") diff --git a/plugins/gfm/build.gradle.kts b/plugins/gfm/build.gradle.kts index 8b1be11d..ee486dfd 100644 --- a/plugins/gfm/build.gradle.kts +++ b/plugins/gfm/build.gradle.kts @@ -6,6 +6,12 @@ dependencies { testImplementation(project(":plugins:base:base-test-utils")) val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } } registerDokkaArtifactPublication("gfmPlugin") { diff --git a/plugins/templating/build.gradle.kts b/plugins/templating/build.gradle.kts index d6d602dd..ee1067ef 100644 --- a/plugins/templating/build.gradle.kts +++ b/plugins/templating/build.gradle.kts @@ -11,6 +11,12 @@ dependencies { implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutines_version") val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } val kotlinx_html_version: String by project implementation("org.jetbrains.kotlinx:kotlinx-html-jvm:$kotlinx_html_version") diff --git a/plugins/versioning/build.gradle.kts b/plugins/versioning/build.gradle.kts index f838399b..7d585a44 100644 --- a/plugins/versioning/build.gradle.kts +++ b/plugins/versioning/build.gradle.kts @@ -12,6 +12,12 @@ dependencies { implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutines_version") val jackson_version: String by project implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version") + val jackson_databind_version: String by project + constraints { + implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") { + because("CVE-2022-42003") + } + } val kotlinx_html_version: String by project implementation("org.jetbrains.kotlinx:kotlinx-html-jvm:$kotlinx_html_version") |