From 7c3b40397d5b5922f7ac03d1153163011b988610 Mon Sep 17 00:00:00 2001
From: Ryan Lewis <ryan@rlew.io>
Date: Thu, 10 Nov 2022 08:01:34 +0000
Subject: Introduce jackson-databind constraint for 2.12.7.1 (#2733)

Fixes CVE-2022-42003
---
 plugins/all-modules-page/build.gradle.kts | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'plugins/all-modules-page/build.gradle.kts')

diff --git a/plugins/all-modules-page/build.gradle.kts b/plugins/all-modules-page/build.gradle.kts
index f993d45c..a690e077 100644
--- a/plugins/all-modules-page/build.gradle.kts
+++ b/plugins/all-modules-page/build.gradle.kts
@@ -18,6 +18,12 @@ dependencies {
     implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutines_version")
     val jackson_version: String by project
     implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jackson_version")
+    val jackson_databind_version: String by project
+    constraints {
+        implementation("com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version") {
+            because("CVE-2022-42003")
+        }
+    }
     val kotlinx_html_version: String by project
     implementation("org.jetbrains.kotlinx:kotlinx-html-jvm:$kotlinx_html_version")
 
-- 
cgit