Migrate to SnakeYAML Engine #4836
Kudos, SonarCloud Quality Gate passed!
@manusa do you expect anything from me, or can you continue?
@manusa can you please clarify why a dependency on SnakeYAML was added back? I removed it to use the SnakeYAML Engine.
The dependency is only added for the Karaf Bundle. Jackson Dataformat YAML has a transitive dependency on SnakeYAML (2.14.2 -> 1.33). Karaf requires adding the bundle to the container in order to be able to run the test application. So yes, our internal usage of SnakeYAML has now shifted to SnakeYAML Engine thanks to your changes. However, I guess Jackson is still using the regular SnakeYAML. I'm also assuming that Jackson makes responsible use of SnakeYAML internally.
@manusa thank you for the clarification.
Correct assumption (but the quasi-security tooling still creates a false positive for Jackson). Jackson already migrated to SnakeYAML Engine in version 3.0.
I guess someone had something to do with that :) FasterXML/jackson-dataformats-text#106 Looking forward to the 3.0 release.
Description
Supersedes closes #4753
Originally posted by @asomov in #4753
Type of change
test, version modification, documentation, etc.)
Checklist