From 832d0e0d76cea7b78eecfe5dbf297e47530c33af Mon Sep 17 00:00:00 2001
From: Ashutosh Gupta
Date: Thu, 8 Sep 2022 15:28:38 +0100
Subject: [PATCH] HADOOP-18443. Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857 (#4856)
Co-authored-by: Ashutosh Gupta
Signed-off-by: Brahma Reddy Battula
---
 LICENSE-binary | 2 +-
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 1ae5a6d2cf..05b7dcfbe3 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -362,7 +362,7 @@ org.ehcache:ehcache:3.3.1
 org.lz4:lz4-java:1.7.1
 org.objenesis:objenesis:2.6
 org.xerial.snappy:snappy-java:1.0.5
-org.yaml:snakeyaml:1.16:
+org.yaml:snakeyaml:1.31:
 org.wildfly.openssl:wildfly-openssl:1.0.7.Final
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 8b7bf59d30..6649fa5740 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -197,7 +197,7 @@ ${hadoop.version} 1.5.4
- 1.26
+ 1.31
 1.7.1 2.2.4 4.13.2