From a8cc4b84e535132b7985644652c7d81b6d172fdc Mon Sep 17 00:00:00 2001 From: Markus Bucher Date: Mon, 29 Jun 2026 15:52:04 +0200 Subject: [PATCH] fix: restrict wiremock to test scope to prevent handlebars CVE from propagating to consumers wiremock-jetty12 was declared without test, causing handlebars:4.3.1 (CVE-2025-48924, path traversal) to leak into the compile-scope dependency tree of any app using this plugin. --- cds-feature-event-hub/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/cds-feature-event-hub/pom.xml b/cds-feature-event-hub/pom.xml index 12c1e8e..f6bf275 100644 --- a/cds-feature-event-hub/pom.xml +++ b/cds-feature-event-hub/pom.xml @@ -103,6 +103,7 @@ org.wiremock wiremock-jetty12 3.13.1 + test
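Review bot: Nothing guards the scope line added after `3.13.1` in the cds-feature-event-hub/pom.xml hunk against being dropped again, and the patch carries no check that the consumer-facing tree is actually clean. Consider a maven-enforcer `bannedDependencies` rule, or a CI step that fails when handlebars shows up in the output of `mvn dependency:tree -Dscope=compile` for this module. Note also that wiremock-jetty12 3.13.1 is unchanged, so the handlebars:4.3.1 named in the commit message still resolves on this module's own test classpath. If scanners run against the module itself, they will keep flagging it until the version is bumped or the transitive dependency is excluded; a sentence in the commit message saying the test-scope exposure is accepted would make that explicit.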