You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by ma...@apache.org on 2022/12/13 14:01:40 UTC
[flink] branch master updated: [FLINK-30175][Build] Bump snakeyaml from 1.31 to 1.33
This is an automated email from the ASF dual-hosted git repository.
martijnvisser pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new 2c89283b877 [FLINK-30175][Build] Bump snakeyaml from 1.31 to 1.33
2c89283b877 is described below
commit 2c89283b87746398ac2be425f13cd587a9fa6228
Author: Martijn Visser <ma...@apache.org>
AuthorDate: Wed Nov 23 14:51:03 2022 +0100
[FLINK-30175][Build] Bump snakeyaml from 1.31 to 1.33
---
flink-kubernetes/src/main/resources/META-INF/NOTICE | 2 +-
pom.xml | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/flink-kubernetes/src/main/resources/META-INF/NOTICE b/flink-kubernetes/src/main/resources/META-INF/NOTICE
index f4ecc7fdcb2..4c624104361 100644
--- a/flink-kubernetes/src/main/resources/META-INF/NOTICE
+++ b/flink-kubernetes/src/main/resources/META-INF/NOTICE
@@ -36,7 +36,7 @@ This project bundles the following dependencies under the Apache Software Licens
- io.fabric8:kubernetes-model-scheduling:5.12.3
- io.fabric8:kubernetes-model-storageclass:5.12.3
- io.fabric8:zjsonpatch:0.3.0
-- org.yaml:snakeyaml:1.31
+- org.yaml:snakeyaml:1.33
This project bundles the following dependencies under the BSD License.
See bundled license files for details.
diff --git a/pom.xml b/pom.xml
index 785d3a7b5aa..99cf68618c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -884,7 +884,7 @@ under the License.
<!-- Bumped for security purposes and making it work with Jackson dependencies (2.10.1) -->
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
- <version>1.31</version>
+ <version>1.33</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
@@ -1712,12 +1712,12 @@ under the License.
<rules>
<bannedDependencies>
<excludes>
- <exclude>org.yaml:snakeyaml:(,1.30]</exclude>
+ <exclude>org.yaml:snakeyaml:(,1.31]</exclude>
</excludes>
<includes>
<!-- Snakeyaml is pulled in by many modules without using it in production,
so there's no benefit in us investing time into bumping these. -->
- <include>org.yaml:snakeyaml:(,1.30]:*:test</include>
+ <include>org.yaml:snakeyaml:(,1.31]:*:test</include>
</includes>
<message>Older snakeyaml versions are not allowed due to security vulnerabilities.</message>
</bannedDependencies>