Fix snakeyaml vulnerability

author jitendra007 <jitendra.sharma1@huawei.com>

Fri, 21 Aug 2020 05:34:56 +0000 (11:04 +0530)

committer Bogumil Zebek <bogumil.zebek@nokia.com>

Fri, 21 Aug 2020 06:15:49 +0000 (06:15 +0000)
author jitendra007 <jitendra.sharma1@huawei.com>
Fri, 21 Aug 2020 05:34:56 +0000 (11:04 +0530)
committer Bogumil Zebek <bogumil.zebek@nokia.com>
Fri, 21 Aug 2020 06:15:49 +0000 (06:15 +0000)
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml

index 41139fb..5d68fd4 100644 (file)
--- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@ -104,8 +104,28 @@
                      <groupId>com.fasterxml.jackson.core</groupId>
                      <artifactId>jackson-databind</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.dataformat</groupId>
+                    <artifactId>jackson-dataformat-yaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-yaml</artifactId>
+            <version>2.9.5</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.26</version>
+        </dependency>
          <!-- jersey -->
  <!-- excluded jetty-util and added invulnerable version -->
          <dependency>
author	jitendra007 <jitendra.sharma1@huawei.com>
	Fri, 21 Aug 2020 05:34:56 +0000 (11:04 +0530)
committer	Bogumil Zebek <bogumil.zebek@nokia.com>
	Fri, 21 Aug 2020 06:15:49 +0000 (06:15 +0000)