Posted to dev@streampipes.apache.org by GitBox <gi...@apache.org> on 2022/09/18 09:55:45 UTC

[GitHub] [incubator-streampipes] pjfanning opened a new pull request, #109: update snakeyaml due to CVEs

pjfanning opened a new pull request, #109:
URL: https://github.com/apache/incubator-streampipes/pull/109

   https://github.com/advisories/GHSA-c4r9-r8fh-9vj2
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@streampipes.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [incubator-streampipes] pjfanning commented on pull request #109: [STREAMPIPES-519] update snakeyaml due to CVEs

Posted by GitBox <gi...@apache.org>.
pjfanning commented on PR #109:
URL: https://github.com/apache/incubator-streampipes/pull/109#issuecomment-1251701104

   @tenthe snakeyaml 1.32 brings in a default limit of 3Mb when parsing yaml files.
   
   Need to allow users to specify another value if they need to.
   
   https://bitbucket.org/snakeyaml/snakeyaml/src/72dfa9f1074abe2b8a6c8776bee4476b0aed02e3/src/main/java/org/yaml/snakeyaml/LoaderOptions.java
   
   I only became aware of this issue in the last few hours.


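An added example, not code from the PR or from StreamPipes: one way an application could let operators override the parse limit mentioned in the comment above, assuming snakeyaml 1.32 or later on the classpath. The class name `YamlLimitExample` and the system property `example.yaml.codePointLimit` are hypothetical.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlLimitExample {
    // Hypothetical property name, chosen for this example only.
    static final String LIMIT_PROPERTY = "example.yaml.codePointLimit";

    /** Builds a parser whose input-size limit can be overridden by the operator. */
    static Yaml buildYaml() {
        LoaderOptions options = new LoaderOptions();
        String configured = System.getProperty(LIMIT_PROPERTY);
        if (configured != null) {
            int limit = Integer.parseInt(configured.trim());
            if (limit <= 0) {
                // Refuse values that would silently disable or break the guard.
                throw new IllegalArgumentException(LIMIT_PROPERTY + " must be positive");
            }
            options.setCodePointLimit(limit);
        }
        // Without an override, the library default stays in force.
        return new Yaml(options);
    }

    public static void main(String[] args) {
        // Constructed sample input: a small, well-formed YAML document.
        String doc = "name: demo\nitems: [1, 2, 3]\n";

        // A limit above the document size: the document parses normally.
        System.setProperty(LIMIT_PROPERTY, "1024");
        Object parsed = buildYaml().load(doc);
        System.out.println("limit 1024 -> " + parsed);

        // A limit below the document size: the load is rejected, not truncated.
        System.setProperty(LIMIT_PROPERTY, "8");
        try {
            buildYaml().load(doc);
            System.out.println("limit 8 -> unexpectedly parsed");
        } catch (YAMLException e) {
            System.out.println("limit 8 -> rejected: " + e.getMessage());
        }
    }
}
```

Keeping the library default unless an operator sets a value preserves the protection for deployments that never load large YAML files.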


[GitHub] [incubator-streampipes] tenthe merged pull request #109: [STREAMPIPES-519] update snakeyaml due to CVEs

Posted by GitBox <gi...@apache.org>.
tenthe merged PR #109:
URL: https://github.com/apache/incubator-streampipes/pull/109




[GitHub] [incubator-streampipes] tenthe commented on pull request #109: [STREAMPIPES-519] update snakeyaml due to CVEs

Posted by GitBox <gi...@apache.org>.
tenthe commented on PR #109:
URL: https://github.com/apache/incubator-streampipes/pull/109#issuecomment-1250571921

   Thanks a lot for providing the PR

