[FLINK-36976] Bump snakeyaml to 2.3

apache · Jan 7, 2025 · 58047a8 · 58047a8
1 parent 98a36a7
commit 58047a8
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
@@ -18,7 +18,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - org.apache.commons:commons-lang3:3.12.0
 - org.apache.kafka:kafka-clients:7.5.3-ccs
 - org.xerial.snappy:snappy-java:1.1.10.7
-- org.yaml:snakeyaml:1.33
+- org.yaml:snakeyaml:2.3
 
 This project bundles the following dependencies under the BSD license.
 See bundled license files for details.

diff --git a/flink-kubernetes/src/main/resources/META-INF/NOTICE b/flink-kubernetes/src/main/resources/META-INF/NOTICE
@@ -41,4 +41,4 @@ This project bundles the following dependencies under the Apache Software Licens
 - io.fabric8:kubernetes-model-storageclass:6.13.4
 - io.fabric8:zjsonpatch:0.3.0
 - org.snakeyaml:snakeyaml-engine:2.6
-- org.yaml:snakeyaml:1.33
+- org.yaml:snakeyaml:2.3
diff --git a/pom.xml b/pom.xml
@@ -883,10 +883,10 @@ under the License.
 				<version>3.4.2</version>
 			</dependency>
 			<dependency>
-				<!-- Bumped for security purposes and making it work with Jackson dependencies (2.10.1) -->
+				<!-- Bumped for security purposes and making it work with Jackson dependencies (2.18.2) -->
 				<groupId>org.yaml</groupId>
 				<artifactId>snakeyaml</artifactId>
-				<version>1.33</version>
+				<version>2.3</version>
 			</dependency>
 			<dependency>
 				<groupId>io.netty</groupId>
@@ -1836,12 +1836,12 @@ under the License.
 							<rules>
 								<bannedDependencies>
 									<excludes>
-										<exclude>org.yaml:snakeyaml:(,1.31]</exclude>
+										<exclude>org.yaml:snakeyaml:(,2.2]</exclude>
 									</excludes>
 									<includes>
 										<!-- Snakeyaml is pulled in by many modules without using it in production,
 											so there's no benefit in us investing time into bumping these. -->
-										<include>org.yaml:snakeyaml:(,1.31]:*:test</include>
+										<include>org.yaml:snakeyaml:(,2.2]:*:test</include>
 									</includes>
 									<message>Older snakeyaml versions are not allowed due to security vulnerabilities.</message>
 								</bannedDependencies>
@@ -1857,7 +1857,7 @@ under the License.
 							<rules>
 								<bannedDependencies>
 									<excludes>
-										<exclude>com.fasterxml.jackson*:*:(,2.12.0]</exclude>
+										<exclude>com.fasterxml.jackson*:*:(,2.14.0]</exclude>
 									</excludes>
 									<message>Older jackson versions are not allowed due to security vulnerabilities.</message>
 								</bannedDependencies>