Bump SnakeYAML from 1.19 to 1.26 to address CVE-2017-18640 (#207)

The SDK only parses YAML if the application has configured the SDK with a flag data file. It's unlikely CVE-2017-18640 would affect SDK usage as it requires configuration and access to a local file.
launchdarkly · Sep 3, 2020 · 6c87a65 · 6c87a65
1 parent 7a24d96
commit 6c87a65
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -76,7 +76,7 @@ ext.versions = [
     "okhttp": "4.8.1", // specify this for the SDK build instead of relying on the transitive dependency from okhttp-eventsource
     "okhttpEventsource": "2.3.1",
     "slf4j": "1.7.21",
-    "snakeyaml": "1.19",
+    "snakeyaml": "1.26",
     "jedis": "2.9.0"
 ]