Merge pull request #30 from oracle/topic_jitkukum_fixsnakeyamlcve

jitendrazkumar · web-flow · commit 9a1e5c4fb9b5 · 2023-12-08T10:54:59.000+05:30
remove snakeyaml reference form sample modules due to cve issues and disable integration tests
diff --git a/.github/workflows/integrationTest.yml b/.github/workflows/integrationTest.yml
@@ -1,4 +1,5 @@
 # This workflow will build a Java project with Maven
+# Integration tests for github are disabled temporarily
 
 name: Run the Integration Tests for Spring Cloud OCI
 
@@ -36,4 +37,4 @@ jobs:
             -DlogId=${{ vars.logId }} \
             -Dit.storage=${{ vars.it_storage }} \
             -DbucketName=${{ vars.bucketName }} \
-            install
+            install -DskipTests
diff --git a/spring-cloud-oci-samples/pom.xml b/spring-cloud-oci-samples/pom.xml
@@ -46,13 +46,16 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <build>
         <pluginManagement>
             <plugins>
+                <!-- Settings for dependency check exclusion for sample modules -->
+                <!--
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
                     <configuration>
                         <skip>true</skip>
                     </configuration>
                 </plugin>
+                -->
                 <plugin>
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-maven-plugin</artifactId>
diff --git a/spring-cloud-oci-samples/spring-cloud-oci-common-samples-utils/pom.xml b/spring-cloud-oci-samples/spring-cloud-oci-common-samples-utils/pom.xml
@@ -24,10 +24,22 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-ui</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/spring-cloud-oci-samples/spring-cloud-oci-notification-sample/pom.xml b/spring-cloud-oci-samples/spring-cloud-oci-notification-sample/pom.xml
@@ -40,10 +40,6 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 			<artifactId>spring-cloud-oci-common-samples-utils</artifactId>
 			<type>test-jar</type>
 		</dependency>
-		<dependency>
-			<groupId>org.springdoc</groupId>
-			<artifactId>springdoc-openapi-ui</artifactId>
-		</dependency>
 	</dependencies>
 
 	<build>
