@@ -14,21 +14,21 @@ lazy val management = (project in file(".")).enablePlugins(SbtWeb).enablePlugins
1414 buildInfoKeys := Seq [BuildInfoKey ](name, version, scalaVersion, sbtVersion),
1515 buildInfoPackage := " de.upb.cs.swt.delphi.management"
1616 )
17-
17+
1818val conf = ConfigFactory .parseFile(new File (" conf/application.conf"
1919val appPortManagement = conf.getString(" app.portManagement"
2020
2121PlayKeys .devSettings := Seq (
2222 " play.server.http.port" -> appPortManagement
23- )
23+ )
2424pipelineStages := Seq (digest,gzip)
2525
2626resolvers += Resolver .sonatypeRepo(" snapshots"
2727resolvers += Resolver .jcenterRepo
2828
2929libraryDependencies += guice
3030libraryDependencies += " org.scalatestplus.play" %% " scalatestplus-play" % " 3.1.2" % Test
31- libraryDependencies += " com.h2database " % " h2 " % " 1.4.197 "
31+
3232libraryDependencies += " com.mohiva" %% " play-silhouette" % " 5.0.0"
3333libraryDependencies += " com.mohiva" %% " play-silhouette-persistence" % " 5.0.0"
3434libraryDependencies += " com.mohiva" %% " play-silhouette-crypto-jca" % " 5.0.0"
@@ -41,3 +41,12 @@ libraryDependencies += "com.adrianhurt" %% "play-bootstrap" % "1.4-P26-B4-SNAPSH
4141libraryDependencies += " eu.bitwalker" % " UserAgentUtils" % " 1.20"
4242
4343routesGenerator := InjectedRoutesGenerator
44+
45+ // Pinning secure versions of insecure transitive libraryDependencies
46+ // Please update when updating dependencies above (including Play plugin)
47+ libraryDependencies ++= Seq (
48+ " com.nimbusds" % " nimbus-jose-jwt" % " 5.14"
49+ " org.bouncycastle" % " bcprov-jdk15on" % " 1.60"
50+ " com.google.guava" % " guava" % " 25.1-jre"
51+ " org.apache.commons" % " commons-compress" % " 1.16"
52+ )
0 commit comments