diff --git a/build.gradle b/build.gradle
index 29cde772a..c359d7058 100644
--- a/build.gradle
+++ b/build.gradle
@@ -18,8 +18,8 @@ ext {
slf4jVersion = "1.7.36"
logbackVersion = "1.2.11"
hk2Version = "3.0.2"
- jacksonVersion = "2.13.3";
- jacksonDatabindVersion = "2.13.3";
+ jacksonVersion = "2.13.4";
+ jacksonDatabindVersion = "2.14.0-rc1";
}
allprojects {
@@ -68,7 +68,7 @@ allprojects {
testImplementation "nl.jqno.equalsverifier:equalsverifier:3.7.1"
testImplementation "com.mockrunner:mockrunner-jdbc:2.0.4"
- implementation "org.yaml:snakeyaml:1.31" // transitive dependency of jackson-databind:2.13.3
+ implementation "org.yaml:snakeyaml:1.33" // transitive dependency of jackson-databind:2.13.3
implementation "commons-cli:commons-cli:1.5.0"
implementation "commons-codec:commons-codec:1.15"
@@ -151,7 +151,7 @@ allprojects {
implementation("org.glassfish:jakarta.json:2.0.1:module")
api "jakarta.el:jakarta.el-api:4.0.0"
- implementation "org.glassfish:jakarta.el:4.0.1"
+ implementation "org.glassfish:jakarta.el:4.0.2"
api "jakarta.validation:jakarta.validation-api:3.0.0"
implementation "org.hibernate.validator:hibernate-validator:7.0.1.Final"
diff --git a/cvss-suppressions.xml b/cvss-suppressions.xml
index 59d8fa5b6..d4a4113bd 100644
--- a/cvss-suppressions.xml
+++ b/cvss-suppressions.xml
@@ -25,4 +25,11 @@
^pkg:maven/org\.springframework/spring\-.*$
CVE-2016-1000027
+
+
+ ^pkg:maven/org.yaml/snakeyaml@1.33
+ CVE-2022-38752
+
diff --git a/tessera-jaxrs/openapi/generate/build.gradle b/tessera-jaxrs/openapi/generate/build.gradle
index b74aef802..b2a85062c 100644
--- a/tessera-jaxrs/openapi/generate/build.gradle
+++ b/tessera-jaxrs/openapi/generate/build.gradle
@@ -4,7 +4,7 @@ plugins {
configurations.all {
resolutionStrategy {
- force 'org.yaml:snakeyaml:1.31', 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+ force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
}
}
diff --git a/tessera-jaxrs/sync-jaxrs/build.gradle b/tessera-jaxrs/sync-jaxrs/build.gradle
index 92b6db6dd..9daf45e5b 100644
--- a/tessera-jaxrs/sync-jaxrs/build.gradle
+++ b/tessera-jaxrs/sync-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {
configurations.all {
resolutionStrategy {
- force 'org.yaml:snakeyaml:1.31', 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+ force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
}
}
diff --git a/tessera-jaxrs/thirdparty-jaxrs/build.gradle b/tessera-jaxrs/thirdparty-jaxrs/build.gradle
index 0137a4baa..4fe4a3aa7 100644
--- a/tessera-jaxrs/thirdparty-jaxrs/build.gradle
+++ b/tessera-jaxrs/thirdparty-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {
configurations.all {
resolutionStrategy {
- force 'org.yaml:snakeyaml:1.31', 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+ force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
}
}
diff --git a/tessera-jaxrs/transaction-jaxrs/build.gradle b/tessera-jaxrs/transaction-jaxrs/build.gradle
index da8ecfa01..a252ff421 100644
--- a/tessera-jaxrs/transaction-jaxrs/build.gradle
+++ b/tessera-jaxrs/transaction-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {
configurations.all {
resolutionStrategy {
- force 'org.yaml:snakeyaml:1.31', 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+ force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
}
}
diff --git a/tests/acceptance-test/build.gradle b/tests/acceptance-test/build.gradle
index 64a25c7b3..4d73eb278 100644
--- a/tests/acceptance-test/build.gradle
+++ b/tests/acceptance-test/build.gradle
@@ -70,7 +70,7 @@ dependencies {
testImplementation "org.eclipse.jetty:jetty-servlet"
- testImplementation "org.yaml:snakeyaml:1.27"
+ testImplementation "org.yaml:snakeyaml"
}