[jira] [Commented] (TINKERPOP-2796) High severity security vulnerability found in snakeyaml

ASF GitHub Bot (Jira) Fri, 16 Sep 2022 13:14:33 -0700


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605982#comment-17605982
 ]


ASF GitHub Bot commented on TINKERPOP-2796:
-------------------------------------------

codecov-commenter commented on PR #1810:
URL: https://github.com/apache/tinkerpop/pull/1810#issuecomment-1249772246

   # 
[Codecov](https://codecov.io/gh/apache/tinkerpop/pull/1810?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#1810](https://codecov.io/gh/apache/tinkerpop/pull/1810?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (692a383) into 
[3.5-dev](https://codecov.io/gh/apache/tinkerpop/commit/361e903a52bd38b7560d4788be5e4647d1f5128f?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (361e903) will **decrease** coverage by `5.80%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@              Coverage Diff              @@
   ##             3.5-dev    #1810      +/-   ##
   =============================================
   - Coverage      69.38%   63.58%   -5.81%     
   =============================================
     Files            861       23     -838     
     Lines          40858     3636   -37222     
     Branches        5384        0    -5384     
   =============================================
   - Hits           28350     2312   -26038     
   + Misses         10605     1145    -9460     
   + Partials        1903      179    -1724     
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/tinkerpop/pull/1810?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | Coverage Δ | |
   |---|---|---|
   | 
[...rpop/gremlin/jsr223/DefaultBindingsCustomizer.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9qc3IyMjMvRGVmYXVsdEJpbmRpbmdzQ3VzdG9taXplci5qYXZh)
 | | |
   | 
[...n/structure/io/binary/types/MetricsSerializer.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9zdHJ1Y3R1cmUvaW8vYmluYXJ5L3R5cGVzL01ldHJpY3NTZXJpYWxpemVyLmphdmE=)
 | | |
   | 
[...rocess/traversal/step/util/FunctionComparator.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL3RyYXZlcnNhbC9zdGVwL3V0aWwvRnVuY3Rpb25Db21wYXJhdG9yLmphdmE=)
 | | |
   | 
[...ss/computer/util/AbstractVertexProgramBuilder.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL2NvbXB1dGVyL3V0aWwvQWJzdHJhY3RWZXJ0ZXhQcm9ncmFtQnVpbGRlci5qYXZh)
 | | |
   | 
[...op/gremlin/structure/util/GraphVariableHelper.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9zdHJ1Y3R1cmUvdXRpbC9HcmFwaFZhcmlhYmxlSGVscGVyLmphdmE=)
 | | |
   | 
[...p/gremlin/driver/remote/DriverRemoteTraversal.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1kcml2ZXIvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3RpbmtlcnBvcC9ncmVtbGluL2RyaXZlci9yZW1vdGUvRHJpdmVyUmVtb3RlVHJhdmVyc2FsLmphdmE=)
 | | |
   | 
[...s/computer/ranking/pagerank/PageRankMapReduce.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL2NvbXB1dGVyL3JhbmtpbmcvcGFnZXJhbmsvUGFnZVJhbmtNYXBSZWR1Y2UuamF2YQ==)
 | | |
   | 
[...a/org/apache/tinkerpop/gremlin/structure/Edge.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9zdHJ1Y3R1cmUvRWRnZS5qYXZh)
 | | |
   | 
[.../gremlin/driver/ser/GryoMessageSerializerV3d0.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1kcml2ZXIvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3RpbmtlcnBvcC9ncmVtbGluL2RyaXZlci9zZXIvR3J5b01lc3NhZ2VTZXJpYWxpemVyVjNkMC5qYXZh)
 | | |
   | 
[...cture/io/binary/types/ZonedDateTimeSerializer.java](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9zdHJ1Y3R1cmUvaW8vYmluYXJ5L3R5cGVzL1pvbmVkRGF0ZVRpbWVTZXJpYWxpemVyLmphdmE=)
 | | |
   | ... and [828 
more](https://codecov.io/gh/apache/tinkerpop/pull/1810/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | |
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   




> High severity security vulnerability found in snakeyaml
> -------------------------------------------------------
>
>                 Key: TINKERPOP-2796
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2796
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: console, server
>    Affects Versions: 3.6.1
>            Reporter: Aaron Coady
>            Priority: Major
>
> The package org.yaml:snakeyaml is included in server an console at version 
> 1.27 and is flagged by this high severity security vulnerability 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-25857]
>  
> The fix is in version -1.31- 1.32 and later



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2796) High severity security vulnerability found in snakeyaml

Reply via email to