Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: exclude unused vulnerable transitive deps
- bcprov-jdk15on and bcprov-ext-jdk15on have been flagged with many CVEs: CVE-2020-15522, CVE-2020-0187, CVE-2020-26939, CVE-2023-33201 for the latter, and CVE-2020-0187, CVE-2023-33201 for the former. - these transitive deps are not used in UAA or in the library codepaths invoked by UAA, so excluding them to address these CVEs. - following these 2 commits in the develop branch: 8bdb525 and 214e1cb - gradle doc on the exclude statement: https://docs.gradle.org/current/userguide/dependency_downgrade_and_exclude.html#sec:excluding-transitive-deps
- Loading branch information