Skip to content

Commit

Permalink
MAT-6407: updating version of spring-boot-starter-parent and overridi…
Browse files Browse the repository at this point in the history 
…ng version of thymeleaf used by HAPI FHIR via dependencyManagement to mitigate Critical and High Snyk vulnerabilities
  • Loading branch information
@nmorasb
nmorasb committed Nov 8, 2023
1 parent f5d959e commit a4b9f7d
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.9</version>
<version>3.0.12</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>gov.cms.madie</groupId>
Expand All @@ -33,6 +33,17 @@
</repository>
</repositories>

<dependencyManagement>
<dependencies>
<!-- override thymeleaf dependency for hapi-fhir because there is a critical vulnerability -->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf</artifactId>
<version>3.1.2.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand Down Expand Up @@ -84,6 +95,7 @@
<artifactId>hapi-fhir-validation</artifactId>
<version>${hapi.fhir.r4.version}</version>
</dependency>

<dependency>
<groupId>ca.uhn.hapi.fhir</groupId>
<artifactId>hapi-fhir-validation-resources-r4</artifactId>
Expand Down

0 comments on commit a4b9f7d

Please sign in to comment.