You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/09/07 14:53:00 UTC
[jira] [Comment Edited] (CONFIGURATION-821) upgrade snakeyaml to 1.31 due to CVE (optional dependency)
[ https://issues.apache.org/jira/browse/CONFIGURATION-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601348#comment-17601348 ]
Gary D. Gregory edited comment on CONFIGURATION-821 at 9/7/22 2:52 PM:
-----------------------------------------------------------------------
Already done in git master.
{{commit 17d7fb1227df4e1e4f37d79ff0d1835e15d31082}}
{{Author: dependabot[bot] <49...@users.noreply.github.com> 2022-09-02 09:04:06}}
{{Committer: Bruno P. Kinoshita <ki...@users.noreply.github.com> 2022-09-02 13:18:15}}
{{Parent: f805f742b66a3046944c07c79e22c19e88449908 (Use GAV coordinates Maven Central coordinates to make sure to pick up the latest)}}
{{Child: 4117b2050ab011f131d5a81c824bf89ddde303d4 (Bump actions/checkout from 3 to 3.0.2.)}}
{{{}Branches: master, origin/HEAD, origin/master, upstream/master{}}}{{{}Bump snakeyaml from 1.30 to 1.31{}}}{{{}Bumps [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 1.30 to 1.31.{}}}
{{{}- [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-1.31..snakeyaml-1.30){}}}{{{}---{}}}
{{updated-dependencies:}}
{{- dependency-name: org.yaml:snakeyaml}}
{{ dependency-type: direct:production}}
{{ update-type: version-update:semver-minor}}
{{{}...{}}}{{{}Signed-off-by: dependabot[bot] <su...@github.com>{}}}
was (Author: garydgregory):
Already done in git master.
> upgrade snakeyaml to 1.31 due to CVE (optional dependency)
> ----------------------------------------------------------
>
> Key: CONFIGURATION-821
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-821
> Project: Commons Configuration
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
> Fix For: 2.9.0
>
>
> https://github.com/advisories/GHSA-3mc7-4q67-w48m
--
This message was sent by Atlassian Jira
(v8.20.10#820010)