This is an automated email from the ASF dual-hosted git repository.

martijnvisser pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c89283b877 [FLINK-30175][Build] Bump snakeyaml from 1.31 to 1.33
2c89283b877 is described below

commit 2c89283b87746398ac2be425f13cd587a9fa6228
Author: Martijn Visser <[email protected]>
AuthorDate: Wed Nov 23 14:51:03 2022 +0100

    [FLINK-30175][Build] Bump snakeyaml from 1.31 to 1.33
---
 flink-kubernetes/src/main/resources/META-INF/NOTICE | 2 +-
 pom.xml                                             | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/flink-kubernetes/src/main/resources/META-INF/NOTICE 
b/flink-kubernetes/src/main/resources/META-INF/NOTICE
index f4ecc7fdcb2..4c624104361 100644
--- a/flink-kubernetes/src/main/resources/META-INF/NOTICE
+++ b/flink-kubernetes/src/main/resources/META-INF/NOTICE
@@ -36,7 +36,7 @@ This project bundles the following dependencies under the 
Apache Software Licens
 - io.fabric8:kubernetes-model-scheduling:5.12.3
 - io.fabric8:kubernetes-model-storageclass:5.12.3
 - io.fabric8:zjsonpatch:0.3.0
-- org.yaml:snakeyaml:1.31
+- org.yaml:snakeyaml:1.33
 
 This project bundles the following dependencies under the BSD License.
 See bundled license files for details.
diff --git a/pom.xml b/pom.xml
index 785d3a7b5aa..99cf68618c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -884,7 +884,7 @@ under the License.
                                <!-- Bumped for security purposes and making it 
work with Jackson dependencies (2.10.1) -->
                                <groupId>org.yaml</groupId>
                                <artifactId>snakeyaml</artifactId>
-                               <version>1.31</version>
+                               <version>1.33</version>
                        </dependency>
                        <dependency>
                                <groupId>io.netty</groupId>
@@ -1712,12 +1712,12 @@ under the License.
                                                        <rules>
                                                                
<bannedDependencies>
                                                                        
<excludes>
-                                                                               
<exclude>org.yaml:snakeyaml:(,1.30]</exclude>
+                                                                               
<exclude>org.yaml:snakeyaml:(,1.31]</exclude>
                                                                        
</excludes>
                                                                        
<includes>
                                                                                
<!-- Snakeyaml is pulled in by many modules without using it in production,
                                                                                
        so there's no benefit in us investing time into bumping these. -->
-                                                                               
<include>org.yaml:snakeyaml:(,1.30]:*:test</include>
+                                                                               
<include>org.yaml:snakeyaml:(,1.31]:*:test</include>
                                                                        
</includes>
                                                                        
<message>Older snakeyaml versions are not allowed due to security 
vulnerabilities.</message>
                                                                
</bannedDependencies>
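Review bot: The banned range in `<exclude>org.yaml:snakeyaml:(,1.31]</exclude>` stops one release short of the version this commit manages, so a transitive 1.32 would still pass the enforcer while the build itself pins 1.33. If 1.33 is meant to be the security floor (the page does not say which advisory motivates the bump), the bound should track it: `<exclude>org.yaml:snakeyaml:(,1.33)</exclude>`, with the test-scope exemption changed to match, `<include>org.yaml:snakeyaml:(,1.33):*:test</include>`. The `<message>` would also help more if it named the minimum allowed version, since the same number is now maintained by hand in three places (the managed `<version>`, this rule and the NOTICE file). The enclosing `<rules>` element opens and closes outside this hunk, so other bans were not checked.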
