@@ -35,22 +35,6 @@ subprojects {
3535 testRuntimeOnly(libs. junit. platform. launcher)
3636 testImplementation(libs. mockito. core)
3737 testImplementation(libs. mockito. junit. jupiter)
38-
39- // Security constraints
40- constraints {
41- implementation(" ch.qos.logback:logback-core:1.5.15"
42- because(" versions below 1.5.15 have security vulnerabilities - see dependabot #7, #6"
43- }
44- implementation(" ch.qos.logback:logback-classic:1.5.15"
45- because(" versions below 1.5.15 have security vulnerabilities - see dependabot #7, #6"
46- }
47- implementation(" org.springframework:spring-web:6.2.8"
48- because(" versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12"
49- }
50- implementation(" org.apache.tomcat.embed:tomcat-embed-core:10.1.42"
51- because(" versions below 10.1.42 have security vulnerabilities including CVE-2024-56337 - see dependabot #13"
52- }
53- }
5438 }
5539
5640 jacoco {
@@ -79,6 +63,22 @@ subprojects {
7963 annotationProcessor(libs. lombok)
8064 testCompileOnly(libs. lombok)
8165 testAnnotationProcessor(libs. lombok)
66+
67+ // Security constraints
68+ constraints {
69+ implementation(" ch.qos.logback:logback-core:1.5.15"
70+ because(" versions below 1.5.15 have security vulnerabilities - see dependabot #7, #6"
71+ }
72+ implementation(" ch.qos.logback:logback-classic:1.5.15"
73+ because(" versions below 1.5.15 have security vulnerabilities - see dependabot #7, #6"
74+ }
75+ implementation(" org.springframework:spring-web:6.2.8"
76+ because(" versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12"
77+ }
78+ implementation(" org.apache.tomcat.embed:tomcat-embed-core:10.1.42"
79+ because(" versions below 10.1.42 have security vulnerabilities including CVE-2024-56337 - see dependabot #13"
80+ }
81+ }
8282 }
8383
8484 checkstyle {
0 commit comments