build(deps): Move Gradle dependencies constrains into root build.gradle.kts (#273)

Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com>

Author: 2 people

build.gradle.kts

@@ -159,3 +159,14 @@ subprojects {
         }
     }
 }
+
+dependencies {
+    constraints {
+        implementation("org.yaml:snakeyaml:2.0") {
+            because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
+        }
+        implementation("net.minidev:json-smart:2.4.10") {
+            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
+        }
+    }
+}

edc-controlplane/edc-controlplane-postgresql/build.gradle.kts

@@ -11,11 +11,6 @@ dependencies {
     runtimeOnly(project(":edc-controlplane:edc-controlplane-base"))
     runtimeOnly(project(":edc-extensions:postgresql-migration"))
     runtimeOnly(edc.azure.vault)
-    constraints {
-        implementation("net.minidev:json-smart:2.4.10") {
-            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
-        }
-    }
     runtimeOnly(edc.bundles.sqlstores)
     runtimeOnly(edc.transaction.local)
     runtimeOnly(edc.sql.pool)

edc-dataplane/edc-dataplane-azure-vault/build.gradle.kts

@@ -8,11 +8,6 @@ plugins {
 dependencies {
     implementation(project(":edc-dataplane:edc-dataplane-base"))
     implementation(edc.azure.vault)
-    constraints {
-        implementation("net.minidev:json-smart:2.4.10") {
-            because("version 2.4.8 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370.")
-        }
-    }
     implementation(edc.azure.identity)
     implementation("com.azure:azure-security-keyvault-secrets:4.6.0")
 }

edc-extensions/control-plane-adapter/build.gradle.kts

@@ -8,14 +8,7 @@ plugins {
 dependencies {
     implementation(edc.spi.core)
     implementation(edc.spi.policy)
-
     implementation(edc.api.management)
-    constraints {
-        implementation("org.yaml:snakeyaml:2.0") {
-            because("version 1.33 has vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471.")
-        }
-    }
-
     implementation(edc.spi.catalog)
     implementation(edc.spi.transactionspi)
     implementation(edc.spi.transaction.datasource)