snakeyaml upgrade #1163

Closed
magicprinc opened this issue May 7, 2024 · 2 comments

@magicprinc

org.yaml:snakeyaml:1.30 is old and has 7 vulnerabilities

Is it time to upgrade?

https://mvnrepository.com/artifact/org.yaml/snakeyaml/2.2

@radcortez
Member

Are you on an old version of Smallrye Config?

We updated to 2.2 in 3.5.0:
#985

@magicprinc
Author

Crazy situation!
I have had io.smallrye.config:smallrye-config-source-yaml:3.8.1, but org.yaml:snakeyaml:1.30.

Spring Boot 2 Gradle plugin has somehow been forcing 1.30.
But IDEA Gradle dependency inspector was showing 1.30 was coming from Smallrye Config.

I have explicitly added dependency org.yaml:snakeyaml:2.2 to fix this.

Sorry and thank you!
