HADOOP-18443. Upgrade snakeyaml to 1.31 to mitigate CVE-2022-25857 (#4856)

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Brahma Reddy Battula <brahma@apache.org>
2022-09-08 15:28:38 +01:00 · 2022-09-08 15:28:38 +01:00 · 832d0e0d76
commit 832d0e0d76
parent 42c8f61fec
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@ -362,7 +362,7 @@ org.ehcache:ehcache:3.3.1
 org.lz4:lz4-java:1.7.1
 org.objenesis:objenesis:2.6
 org.xerial.snappy:snappy-java:1.0.5
-org.yaml:snakeyaml:1.16:
+org.yaml:snakeyaml:1.31:
 org.wildfly.openssl:wildfly-openssl:1.0.7.Final


--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@ -197,7 +197,7 @@
    <declared.hadoop.version>${hadoop.version}</declared.hadoop.version>

    <swagger-annotations-version>1.5.4</swagger-annotations-version>
-    <snakeyaml.version>1.26</snakeyaml.version>
+    <snakeyaml.version>1.31</snakeyaml.version>
    <hbase.one.version>1.7.1</hbase.one.version>
    <hbase.two.version>2.2.4</hbase.two.version>
    <junit.version>4.13.2</junit.version>