Work around CVEs reported against build dependencies

marcphilipp · marcphilipp · commit 9115b1db7b8c · 2025-12-09T20:06:08.000+01:00
diff --git a/gradle/plugins/antora/build.gradle.kts b/gradle/plugins/antora/build.gradle.kts
@@ -8,7 +8,23 @@ plugins {
 dependencies {
 	implementation(projects.buildParameters)
 	implementation(libs.plugins.node.markerCoordinates)
+	constraints {
+		implementation("com.fasterxml.jackson.core:jackson-core") {
+			version {
+				require("2.15.0")
+			}
+			because("Workaround for CVE-2025-52999")
+		}
+	}
 	implementation(libs.plugins.spring.antora.markerCoordinates)
+	constraints {
+		implementation("org.yaml:snakeyaml") {
+			version {
+				require("2.0")
+			}
+			because("Workaround for CVE-2022-1471")
+		}
+	}
 }
 
 tasks.compileJava {
