You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kyuubi.apache.org by ch...@apache.org on 2023/01/29 09:13:55 UTC
[kyuubi] branch master updated: [KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33
This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new b5b4cd140 [KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33
b5b4cd140 is described below
commit b5b4cd140702688f625d0b09472dbceff7420585
Author: liangbowen <li...@gf.com.cn>
AuthorDate: Sun Jan 29 17:13:46 2023 +0800
[KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33
### _Why are the changes needed?_
- Bump snakeyaml from 1.31 to 1.33 reducing 2 direct CVE vulnerabilities, see (https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes)
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
Closes #4207 from bowenliang123/snakeyaml-1.33.
Closes #4207
080024ce5 [liangbowen] bump snakeyaml from 1.31 to 1.33
Authored-by: liangbowen <li...@gf.com.cn>
Signed-off-by: Cheng Pan <ch...@apache.org>
---
dev/dependencyList | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev/dependencyList b/dev/dependencyList
index b061ac68e..268d10ca2 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -171,7 +171,7 @@ simpleclient_tracer_common/0.16.0//simpleclient_tracer_common-0.16.0.jar
simpleclient_tracer_otel/0.16.0//simpleclient_tracer_otel-0.16.0.jar
simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.31//snakeyaml-1.31.jar
+snakeyaml/1.33//snakeyaml-1.33.jar
swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
swagger-core/2.2.1//swagger-core-2.2.1.jar
swagger-integration/2.2.1//swagger-integration-2.2.1.jar
diff --git a/pom.xml b/pom.xml
index c6c579d5c..62ed1e6a2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,7 +180,7 @@
<scalatestplus.version>3.2.15.0</scalatestplus.version>
<scopt.version>4.1.0</scopt.version>
<slf4j.version>1.7.36</slf4j.version>
- <snakeyaml.version>1.31</snakeyaml.version>
+ <snakeyaml.version>1.33</snakeyaml.version>
<!--
DO NOT forget to change the following properties when change the minor version of Spark:
`delta.version`, `maven.plugin.scalatest.exclude.tags`