Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Update dependencies on snakeyaml #3507

Closed
wants to merge 1 commit into from
Closed

feat: Update dependencies on snakeyaml #3507

wants to merge 1 commit into from

Conversation

samuel-hawker
Copy link

Update snakeyaml to address CVE https://nvd.nist.gov/vuln/detail/CVE-2022-1471

@apicurio-bot
Copy link

apicurio-bot bot commented Jul 13, 2023

Thank you for creating a pull request!

Pinging @carlesarnal to respond or triage.

@samuel-hawker
Copy link
Author

Apologies, i was having some issues running the IT tests locally. I will work on fixing my environment so that I can fix these issues

@samuel-hawker
Copy link
Author

I tried updating jackson-databind also, but this has not worked, I believe this is a clash with quarkus's dependency on Jackson?
And this cannot be resolved without updating quarkus?

@carlesarnal
Copy link
Member

I tried updating jackson-databind also, but this has not worked, I believe this is a clash with quarkus's dependency on Jackson? And this cannot be resolved without updating quarkus?

That is correct, unfortunately, this cannot be fixed until we upgrade the Quarkus version to Quarkus 3.

@carlesarnal
Copy link
Member

I'm addressing this problem here #3530, closing this PR as a result.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samuel-hawker @carlesarnal