kezhenxu94 pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 1f23d29698 [Improvement-12029][dolphinscheduler-api] Upgrade the
snakeyaml version to avoid vulnerabilities (#12726)
1f23d29698 is described below
commit 1f23d296988850cfeef17325cdfddeadc6303403
Author: seedscoder <[email protected]>
AuthorDate: Fri Nov 11 13:33:04 2022 +0800
[Improvement-12029][dolphinscheduler-api] Upgrade the snakeyaml version to
avoid vulnerabilities (#12726)
---
dolphinscheduler-bom/pom.xml | 2 +-
dolphinscheduler-dist/release-docs/LICENSE | 2 +-
tools/dependencies/known-dependencies.txt | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dolphinscheduler-bom/pom.xml b/dolphinscheduler-bom/pom.xml
index f33032e880..75053784c5 100644
--- a/dolphinscheduler-bom/pom.xml
+++ b/dolphinscheduler-bom/pom.xml
@@ -94,7 +94,7 @@
<snappy.version>1.1.8.4</snappy.version>
<spark.version>3.2.2</spark.version>
<janino.version>3.0.16</janino.version>
- <snakeyaml.version>1.31</snakeyaml.version>
+ <snakeyaml.version>1.33</snakeyaml.version>
<htrace.version>4.1.1</htrace.version>
<datasync.version>2.17.282</datasync.version>
<springdoc-openapi-ui.version>1.6.9</springdoc-openapi-ui.version>
diff --git a/dolphinscheduler-dist/release-docs/LICENSE
b/dolphinscheduler-dist/release-docs/LICENSE
index fc1ae6aa65..7443c8a2e4 100644
--- a/dolphinscheduler-dist/release-docs/LICENSE
+++ b/dolphinscheduler-dist/release-docs/LICENSE
@@ -352,7 +352,7 @@ The text of each license is also included at
licenses/LICENSE-[project].txt.
poi-ooxml-schemas-4.1.2:
https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml-schemas/4.1.2,
Apache 2.0
quartz 2.3.2:
https://mvnrepository.com/artifact/org.quartz-scheduler/quartz/2.3.2, Apache 2.0
reload4j 1.2.18.3:
https://mvnrepository.com/artifact/ch.qos.reload4j/reload4j/1.2.18.3, Apache 2.0
- snakeyaml 1.31:
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.31, Apache 2.0
+ snakeyaml 1.33:
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33, Apache 2.0
snappy-java 1.1.8.4: https://github.com/xerial/snappy-java, Apache 2.0
SparseBitSet 1.2:
https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet/1.2, Apache 2.0
spring-aop 5.3.13:
https://mvnrepository.com/artifact/org.springframework/spring-aop/5.3.13,
Apache 2.0
diff --git a/tools/dependencies/known-dependencies.txt
b/tools/dependencies/known-dependencies.txt
index 73cc2d603b..f7e755298a 100644
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -276,7 +276,7 @@ simpleclient_tracer_common-0.15.0.jar
simpleclient_tracer_otel-0.15.0.jar
simpleclient_tracer_otel_agent-0.15.0.jar
slf4j-api-1.7.36.jar
-snakeyaml-1.31.jar
+snakeyaml-1.33.jar
snappy-java-1.1.8.4.jar
spring-aop-5.3.22.jar
spring-beans-5.3.22.jar