Looks good! Thanks a lot for sharing.

I am wondering whether this should rather be based on SnakeYaml Engine (YAML 
1.2 processor) instead of the legacy SnakeYaml (YAML 1.1).
Also I am wondering if you disable deserialisation of potentially dangerous 
YAML (compare with https://en.wikipedia.org/wiki/YAML#Criticism and 
https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md, Section data 
for untrusted sources). Also, in this case SnakeYaml Engine is inherently safer 
as it will never by default create objects out of those defined by the JSON 
Schema.

Also it is a bit unfortunate that this currently depends on the not yet 
released Maven 4 rc3….

Konrad

> On 5. Mar 2025, at 17:16, Guillaume Nodet <gno...@apache.org> wrote:
> 
> Hey !
> 
> A while ago, I created a Hocon-based POM parser [1], leveraging Maven
> 4's new capabilities to support new syntaxes for POMs.
> However, as much as that syntax seems interesting, it's been pointed
> out to me that it's not really supported. So I never actually released it.
> But I'd still like to get out a new syntax and so I wrote one to
> support the well-known YAML syntax. I thus created a small extension
> to support it [2].
> It's much more concise wrt GAV ids and especially dependencies [3].
> 
> So I'd like to get it into the Maven project and release it.
> 
> [1] https://github.com/apache/maven-hocon-extension
> [2] https://github.com/gnodet/maven-yaml-extension
> [3] https://github.com/gnodet/maven-yaml-extension/blob/master/src/test/resources/dependency-gav.yaml#L21-L30
> 
> -- 
> ------------------------
> Guillaume Nodet
> 
> 
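
The concern raised in the reply above about deserialising YAML from untrusted sources, shown as an added example (not code from the extension or from either author): loading a POM-like document with the legacy SnakeYaml API restricted to `SafeConstructor`. It assumes a recent `org.yaml:snakeyaml` release on the classpath; the class name, the limit values and the sample documents are constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlPomLoader {

    // Limits are assumed values for a build descriptor, not project defaults.
    static Yaml newSafeYaml() {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);      // reject ambiguous repeated keys
        options.setMaxAliasesForCollections(10);   // bound alias expansion
        options.setNestingDepthLimit(20);          // bound recursion depth
        options.setCodePointLimit(1024 * 1024);    // bound input size in code points
        // SafeConstructor has no constructor for application class tags
        return new Yaml(new SafeConstructor(options));
    }

    static Map<String, Object> load(String document) {
        Object root = newSafeYaml().load(document);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("expected a mapping at the document root");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> model = (Map<String, Object>) root;
        return model;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; key names are illustrative only.
        String plain = "groupId: com.example\nartifactId: demo\nversion: 1.0.0\n";
        String tagged = "build: !!com.example.Widget [\"x\"]\n";
        String duplicate = "version: 1.0.0\nversion: 2.0.0\n";

        System.out.println("accepted: " + load(plain));
        for (String doc : new String[] {tagged, duplicate}) {
            try {
                load(doc);
                System.out.println("unexpectedly accepted");
            } catch (YAMLException e) {
                System.out.println("rejected: " + e.getClass().getSimpleName());
            }
        }
    }
}
```

The tagged document is refused before any class lookup happens, because `SafeConstructor` only builds the standard YAML types (maps, lists, scalars and the like).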
