shitian9

Resolving CVE-2022-1471 with the SnakeYAML 2.0

@pivotal-cla

@shitian9 Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@spring-projects-issues added the "status: waiting-for-triage" (An issue we've not yet triaged) label Mar 21, 2023
@pivotal-cla

@shitian9 Thank you for signing the Contributor License Agreement!

@wilkinsona
Member

Thanks for the proposal but, as mentioned in the pull request template, we don't accept pull requests for one-line dependency upgrades like this. We also can't upgrade to a new major version of SnakeYAML in a maintenance (3.0.x release) of Spring Boot. Lastly, there are some other compatibility issues to consider here such as the SnakeYAML support in Spring Framework and Jackson.

@wilkinsona closed this Mar 21, 2023
@wilkinsona added "status: declined" (A suggestion or change that we don't feel we should currently apply) and removed "status: waiting-for-triage" (An issue we've not yet triaged) labels Mar 21, 2023