Posted to commits@kyuubi.apache.org by ch...@apache.org on 2023/01/29 09:13:55 UTC

[kyuubi] branch master updated: [KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new b5b4cd140 [KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33
b5b4cd140 is described below

commit b5b4cd140702688f625d0b09472dbceff7420585
Author: liangbowen <li...@gf.com.cn>
AuthorDate: Sun Jan 29 17:13:46 2023 +0800

    [KYUUBI #4207] Bump snakeyaml from 1.31 to 1.33
    
    ### _Why are the changes needed?_
    
    - Bump snakeyaml from 1.31 to 1.33 reducing 2 direct CVE vulnerabilities, see (https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes)
    
    ### _How was this patch tested?_
    - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
    
    - [ ] Add screenshots for manual tests if appropriate
    
    - [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before making a pull request
    
    Closes #4207 from bowenliang123/snakeyaml-1.33.
    
    Closes #4207
    
    080024ce5 [liangbowen] bump snakeyaml from 1.31 to 1.33
    
    Authored-by: liangbowen <li...@gf.com.cn>
    Signed-off-by: Cheng Pan <ch...@apache.org>
---
 dev/dependencyList | 2 +-
 pom.xml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index b061ac68e..268d10ca2 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -171,7 +171,7 @@ simpleclient_tracer_common/0.16.0//simpleclient_tracer_common-0.16.0.jar
 simpleclient_tracer_otel/0.16.0//simpleclient_tracer_otel-0.16.0.jar
 simpleclient_tracer_otel_agent/0.16.0//simpleclient_tracer_otel_agent-0.16.0.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.31//snakeyaml-1.31.jar
+snakeyaml/1.33//snakeyaml-1.33.jar
 swagger-annotations/2.2.1//swagger-annotations-2.2.1.jar
 swagger-core/2.2.1//swagger-core-2.2.1.jar
 swagger-integration/2.2.1//swagger-integration-2.2.1.jar
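Review bot: the snakeyaml entry in dev/dependencyList is the only line that changes, so please confirm this file was regenerated from the build output rather than edited by hand. The list is only useful as evidence of what ships if it reflects the resolved dependency set; a regenerated file that still shows exactly one snakeyaml jar, at 1.33, confirms that no other module is pulling in the old 1.31 artifact alongside it.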
diff --git a/pom.xml b/pom.xml
index c6c579d5c..62ed1e6a2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,7 +180,7 @@
         <scalatestplus.version>3.2.15.0</scalatestplus.version>
         <scopt.version>4.1.0</scopt.version>
         <slf4j.version>1.7.36</slf4j.version>
-        <snakeyaml.version>1.31</snakeyaml.version>
+        <snakeyaml.version>1.33</snakeyaml.version>
         <!--
           DO NOT forget to change the following properties when change the minor version of Spark:
           `delta.version`, `maven.plugin.scalatest.exclude.tags`
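Review bot: the `<snakeyaml.version>` bump in pom.xml leaves no record of which advisories it addresses. The commit message says "2 direct CVE vulnerabilities" and links the snakeyaml changelog, but names no CVE identifiers, so a later reader cannot tell whether 1.33 is a security floor or a routine upgrade. Suggest listing the identifiers in the PR description. Also note that the "Add some test cases" box is unchecked, so the local test run is the only evidence that YAML parsing behaves the same on 1.33. It is also worth checking that every module takes its snakeyaml version from this property, since an explicitly pinned version elsewhere would not pick up the change.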