Upgrade to SnakeYAML 2.0 #34693

Closed

shitian9

Resolving CVE-2022-1471 with the SnakeYAML 2.0

@pivotal-cla

@shitian9 Please sign the Contributor License Agreement!

@spring-projects-issues added the "status: waiting-for-triage" label (an issue we've not yet triaged) on Mar 21, 2023
@pivotal-cla

@shitian9 Thank you for signing the Contributor License Agreement!

@wilkinsona
Member

Thanks for the proposal but, as mentioned in the pull request template, we don't accept pull requests for one-line dependency upgrades like this. We also can't upgrade to a new major version of SnakeYAML in a maintenance (3.0.x release) of Spring Boot. Lastly, there are some other compatibility issues to consider here such as the SnakeYAML support in Spring Framework and Jackson.

@wilkinsona closed this on Mar 21, 2023
@wilkinsona added the "status: declined" label (a suggestion or change that we don't feel we should currently apply) and removed the "status: waiting-for-triage" label (an issue we've not yet triaged) on Mar 21, 2023