Posted to notifications@shardingsphere.apache.org by zh...@apache.org on 2022/02/14 11:38:38 UTC

[shardingsphere] branch master updated: Upgrade snakeyaml due to cve (#15260)

This is an automated email from the ASF dual-hosted git repository.

zhonghongsheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new ef05785  Upgrade snakeyaml due to cve (#15260)
ef05785 is described below

commit ef05785f78723b764e408bb7378e674e69e7aa02
Author: PJ Fanning <pj...@users.noreply.github.com>
AuthorDate: Mon Feb 14 12:37:40 2022 +0100

    Upgrade snakeyaml due to cve (#15260)
---
 examples/pom.xml                                                      | 2 +-
 pom.xml                                                               | 4 ++--
 .../shardingsphere-proxy-distribution/src/main/release-docs/LICENSE   | 2 +-
 .../yaml/engine/representer/processor/NoneYamlTupleProcessor.java     | 3 ++-
 .../infra/yaml/engine/representer/ShardingSphereYamlRepresenter.java  | 3 ++-
 .../infra/yaml/engine/fixture/YamlTupleProcessorFixture.java          | 3 ++-
 .../registry/process/subscriber/ProcessRegistrySubscriberTest.java    | 2 +-
 7 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/examples/pom.xml b/examples/pom.xml
index 6ffa171..d057eb6 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -73,7 +73,7 @@
         <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
         <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
         <freemarker.version>2.3.31</freemarker.version>
-        <snakeyaml.version>1.16</snakeyaml.version>
+        <snakeyaml.version>1.30</snakeyaml.version>
         <flatten-maven-plugin.version>1.2.5</flatten-maven-plugin.version>
         
         <javadocExecutable>${java.home}/../bin/javadoc</javadocExecutable>
diff --git a/pom.xml b/pom.xml
index 3d06b0a..9394fc8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,8 +61,8 @@
         <antlr4.version>4.9.2</antlr4.version>
         
         <groovy.version>4.0.0</groovy.version>
-        <snakeyaml.version>1.16</snakeyaml.version>
-        
+        <snakeyaml.version>1.30</snakeyaml.version>
+
         <netty.version>4.1.73.Final</netty.version>
         <commons-lang3.version>3.8</commons-lang3.version>
         <commons-codec.version>1.10</commons-codec.version>
diff --git a/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/release-docs/LICENSE b/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/release-docs/LICENSE
index 792e9df..d2500a3 100644
--- a/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/release-docs/LICENSE
+++ b/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/release-docs/LICENSE
@@ -286,7 +286,7 @@ The text of each license is the standard Apache 2.0 license.
     proto-google-common-protos 1.17.0: https://github.com/googleapis/common-protos-java, Apache 2.0
     quartz 2.3.2: https://github.com/quartz-scheduler/quartz, Apache 2.0
     sketches-core 0.9.0, Apache 2.0
-    snakeyaml 1.16: http://www.snakeyaml.org, Apache 2.0
+    snakeyaml 1.30: http://www.snakeyaml.org, Apache 2.0
     uzaygezen-core 0.2: code.google.com/p/uzaygezen, Apache 2.0
     vertx-mysql-client 4.2.3: https://github.com/eclipse-vertx/vertx-sql-client, Apache 2.0
     vertx-sql-client 4.2.3: https://github.com/eclipse-vertx/vertx-sql-client, Apache 2.0
diff --git a/shardingsphere-features/shardingsphere-sharding/shardingsphere-sharding-core/src/main/java/org/apache/shardingsphere/sharding/yaml/engine/representer/processor/NoneYamlTupleProcessor.java b/shardingsphere-features/shardingsphere-sharding/shardingsphere-sharding-core/src/main/java/org/apache/shardingsphere/sharding/yaml/engine/representer/processor/NoneYamlTupleProcessor.java
index c612132..a00cc86 100644
--- a/shardingsphere-features/shardingsphere-sharding/shardingsphere-sharding-core/src/main/java/org/apache/shardingsphere/sharding/yaml/engine/representer/processor/NoneYamlTupleProcessor.java
+++ b/shardingsphere-features/shardingsphere-sharding/shardingsphere-sharding-core/src/main/java/org/apache/shardingsphere/sharding/yaml/engine/representer/processor/NoneYamlTupleProcessor.java
@@ -18,6 +18,7 @@
 package org.apache.shardingsphere.sharding.yaml.engine.representer.processor;
 
 import org.apache.shardingsphere.infra.yaml.engine.representer.processor.ShardingSphereYamlTupleProcessor;
+import org.yaml.snakeyaml.DumperOptions;
 import org.yaml.snakeyaml.nodes.Node;
 import org.yaml.snakeyaml.nodes.NodeTuple;
 import org.yaml.snakeyaml.nodes.ScalarNode;
@@ -43,6 +44,6 @@ public final class NoneYamlTupleProcessor implements ShardingSphereYamlTupleProc
     }
     
     private NodeTuple processNoneTuple(final NodeTuple noneTuple) {
-        return new NodeTuple(noneTuple.getKeyNode(), new ScalarNode(Tag.STR, "", null, null, null));
+        return new NodeTuple(noneTuple.getKeyNode(), new ScalarNode(Tag.STR, "", null, null, DumperOptions.ScalarStyle.PLAIN));
     }
 }
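Review bot: The replacement argument in `processNoneTuple` is undocumented: two positional `null`s followed by `DumperOptions.ScalarStyle.PLAIN` give no hint of what each slot means or why PLAIN was chosen, and the same construction appears in `YamlTupleProcessorFixture.process`. As far as I can tell PLAIN is what the former `null` style resolved to, so the emitted YAML should be unchanged, but that is an assumption worth writing down next to the call. I would add a comment above the return, for example `// synthesized node: no start/end marks; PLAIN keeps the style the former null argument selected`. The class body starts outside this hunk.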
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/yaml/engine/representer/ShardingSphereYamlRepresenter.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/yaml/engine/representer/ShardingSphereYamlRepresenter.java
index 07eca42..0dcb1b4 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/yaml/engine/representer/ShardingSphereYamlRepresenter.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/yaml/engine/representer/ShardingSphereYamlRepresenter.java
@@ -21,6 +21,7 @@ import org.apache.shardingsphere.infra.yaml.config.swapper.YamlRuleConfiguration
 import org.apache.shardingsphere.infra.yaml.engine.representer.processor.DefaultYamlTupleProcessor;
 import org.apache.shardingsphere.infra.yaml.engine.representer.processor.ShardingSphereYamlTupleProcessor;
 import org.apache.shardingsphere.spi.ShardingSphereServiceLoader;
+import org.yaml.snakeyaml.DumperOptions;
 import org.yaml.snakeyaml.introspector.Property;
 import org.yaml.snakeyaml.nodes.Node;
 import org.yaml.snakeyaml.nodes.NodeTuple;
@@ -58,7 +59,7 @@ public final class ShardingSphereYamlRepresenter extends Representer {
     
     @SuppressWarnings({"rawtypes", "unchecked"})
     @Override
-    protected Node representMapping(final Tag tag, final Map<?, ?> mapping, final Boolean flowStyle) {
+    protected Node representMapping(final Tag tag, final Map<?, ?> mapping, final DumperOptions.FlowStyle flowStyle) {
         Map skippedEmptyValuesMapping = new LinkedHashMap<>(mapping.size(), 1);
         for (Entry<?, ?> entry : mapping.entrySet()) {
             if (entry.getValue() instanceof Collection && ((Collection) entry.getValue()).isEmpty()) {
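Review bot: The new `representMapping(Tag, Map<?, ?>, DumperOptions.FlowStyle)` signature ties this class to SnakeYAML releases that declare that overload, and nothing in the change records the constraint. `@Override` only protects the build; if a downstream project manages SnakeYAML back to a release whose method still takes `Boolean`, this override would presumably fail or be bypassed at run time, and that consumer would also be back on the version this commit upgrades away from for the CVE. I would state the minimum supported SnakeYAML version in the Javadoc of this method, for example `/** Requires the SnakeYAML version pinned in the root pom (snakeyaml.version); the FlowStyle overload does not exist in older releases. */`, and consider a dependency-convergence check in the build. The method body continues outside the hunk.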
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/fixture/YamlTupleProcessorFixture.java b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/fixture/YamlTupleProcessorFixture.java
index 6af7f02..a7fa77f 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/fixture/YamlTupleProcessorFixture.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/fixture/YamlTupleProcessorFixture.java
@@ -18,6 +18,7 @@
 package org.apache.shardingsphere.infra.yaml.engine.fixture;
 
 import org.apache.shardingsphere.infra.yaml.engine.representer.processor.ShardingSphereYamlTupleProcessor;
+import org.yaml.snakeyaml.DumperOptions;
 import org.yaml.snakeyaml.nodes.NodeTuple;
 import org.yaml.snakeyaml.nodes.ScalarNode;
 import org.yaml.snakeyaml.nodes.Tag;
@@ -33,6 +34,6 @@ public final class YamlTupleProcessorFixture implements ShardingSphereYamlTupleP
     @Override
     public NodeTuple process(final NodeTuple nodeTuple) {
         String value = ((ScalarNode) nodeTuple.getValueNode()).getValue();
-        return "null".equals(value) ? null : new NodeTuple(nodeTuple.getKeyNode(), new ScalarNode(Tag.STR, String.join("_", "converted", value), null, null, null));
+        return "null".equals(value) ? null : new NodeTuple(nodeTuple.getKeyNode(), new ScalarNode(Tag.STR, String.join("_", "converted", value), null, null, DumperOptions.ScalarStyle.PLAIN));
     }
 }
diff --git a/shardingsphere-mode/shardingsphere-mode-type/shardingsphere-cluster-mode/shardingsphere-cluster-mode-core/src/test/java/org/apache/shardingsphere/mode/manager/cluster/coordinator/registry/process/subscriber/ProcessRegistrySubscriberTest.java b/shardingsphere-mode/shardingsphere-mode-type/shardingsphere-cluster-mode/shardingsphere-cluster-mode-core/src/test/java/org/apache/shardingsphere/mode/manager/cluster/coordinator/registry/process/subscriber/ProcessRegistrySubscriberTest.java
index d05fb96..2ff39c3 100644
--- a/shardingsphere-mode/shardingsphere-mode-type/shardingsphere-cluster-mode/shardingsphere-cluster-mode-core/src/test/java/org/apache/shardingsphere/mode/manager/cluster/coordinator/registry/process/subscriber/ProcessRegistrySubscriberTest.java
+++ b/shardingsphere-mode/shardingsphere-mode-type/shardingsphere-cluster-mode/shardingsphere-cluster-mode-core/src/test/java/org/apache/shardingsphere/mode/manager/cluster/coordinator/registry/process/subscriber/ProcessRegistrySubscriberTest.java
@@ -109,7 +109,7 @@ public final class ProcessRegistrySubscriberTest {
         YamlExecuteProcessUnit yamlExecuteProcessUnit = new YamlExecuteProcessUnit();
         yamlExecuteProcessUnit.setUnitID("159917166");
         yamlExecuteProcessUnit.setStatus(ExecuteProcessConstants.EXECUTE_STATUS_DONE);
-        Collection<YamlExecuteProcessUnit> unitStatuses = Collections.singleton(yamlExecuteProcessUnit);
+        Collection<YamlExecuteProcessUnit> unitStatuses = Collections.singletonList(yamlExecuteProcessUnit);
         YamlExecuteProcessContext yamlExecuteProcessContext = new YamlExecuteProcessContext();
         yamlExecuteProcessContext.setUnitStatuses(unitStatuses);
         return YamlEngine.marshal(yamlExecuteProcessContext);
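Review bot: Switching the fixture from `Collections.singleton` to `Collections.singletonList` changes what the test feeds to `YamlEngine.marshal` without saying why. If the reason is that the upgraded SnakeYAML represents a `Set` differently from a `List` (an inference, since the assertion is outside this hunk), then production callers that pass a `Set` to `setUnitStatuses` would now produce different YAML and this test no longer covers them. I would add a short comment such as `// List on purpose: the expected YAML is a plain sequence` and, if a `Set` is a legal input, a second case that pins its marshalled form. The enclosing method starts before and ends after this hunk.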