Merge pull request #1931 from hmcts/AM-2728_CVE-2022-1471_Fix

AM-2728 CVE-2022-1471 snakeyaml 2.0, springBoot 2.7.12, launchDarklyS…
hmcts · Jul 10, 2023 · d3b8677 · d3b8677
2 parents 4639e8d + 8344edf
commit d3b8677
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 7 deletions.
diff --git a/build.gradle b/build.gradle
@@ -35,7 +35,7 @@ apply plugin: 'project-report'
 apply plugin: 'idea'
 apply plugin: 'io.spring.dependency-management'
 
-ext['snakeyaml.version'] = '1.32'
+ext['snakeyaml.version'] = '2.0'
 
 def versions = [
   junit          : '5.9.0',
@@ -46,7 +46,7 @@ def versions = [
   reformS2sClient: '4.0.2',
   serenity       : '2.2.12',
   sonarPitest    : '0.5',
-  springBoot     : '2.6.15',
+  springBoot     : '2.7.12',
   spring         : '5.3.27',
   springSecurity : '5.7.8',
   springHystrix  : '2.1.1.RELEASE',
@@ -56,7 +56,7 @@ def versions = [
   cucumber       : '5.7.0',
   feign_jackson  : '12.1',
   drools         : '7.69.0.Final',
-  launchDarklySdk: '5.10.7',
+  launchDarklySdk: '5.10.8',
   log4JVersion   : '2.19.0',
   logbackVersion : '1.2.10'
 ]

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -5,10 +5,6 @@
       https://tools.hmcts.net/jira/browse/AM-2840 json-java</notes>
     <cve>CVE-2022-45688</cve>
   </suppress>
-  <suppress>
-    <notes>CVE-2022-1471 https://tools.hmcts.net/jira/browse/AM-2728 snakeyaml</notes>
-    <cve>CVE-2022-1471</cve>
-  </suppress>
   <suppress>
     <notes>https://tools.hmcts.net/jira/browse/AM-2839 jackson-databind</notes>
     <cve>CVE-2023-35116</cve>