From 58047a8eb1270f0dc54f0d2b6770a40f64c1ae16 Mon Sep 17 00:00:00 2001
From: Sergey Nuyanzin <snuyanzin@gmail.com>
Date: Sat, 4 Jan 2025 12:54:54 +0100
Subject: [PATCH] [FLINK-36976] Bump snakeyaml to 2.3

---
 .../src/main/resources/META-INF/NOTICE                 |  2 +-
 flink-kubernetes/src/main/resources/META-INF/NOTICE    |  2 +-
 pom.xml                                                | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
index 9d359a3f697d2..26986a88950b0 100644
--- a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
+++ b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
@@ -18,7 +18,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - org.apache.commons:commons-lang3:3.12.0
 - org.apache.kafka:kafka-clients:7.5.3-ccs
 - org.xerial.snappy:snappy-java:1.1.10.7
-- org.yaml:snakeyaml:1.33
+- org.yaml:snakeyaml:2.3
 
 This project bundles the following dependencies under the BSD license.
 See bundled license files for details.
diff --git a/flink-kubernetes/src/main/resources/META-INF/NOTICE b/flink-kubernetes/src/main/resources/META-INF/NOTICE
index c82c92115821c..b0d8896f04c52 100644
--- a/flink-kubernetes/src/main/resources/META-INF/NOTICE
+++ b/flink-kubernetes/src/main/resources/META-INF/NOTICE
@@ -41,4 +41,4 @@ This project bundles the following dependencies under the Apache Software Licens
 - io.fabric8:kubernetes-model-storageclass:6.13.4
 - io.fabric8:zjsonpatch:0.3.0
 - org.snakeyaml:snakeyaml-engine:2.6
-- org.yaml:snakeyaml:1.33
+- org.yaml:snakeyaml:2.3
diff --git a/pom.xml b/pom.xml
index c3a9f96ca3389..4222db61c20ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -883,10 +883,10 @@ under the License.
 				<version>3.4.2</version>
 			</dependency>
 			<dependency>
-				<!-- Bumped for security purposes and making it work with Jackson dependencies (2.10.1) -->
+				<!-- Bumped for security purposes and making it work with Jackson dependencies (2.18.2) -->
 				<groupId>org.yaml</groupId>
 				<artifactId>snakeyaml</artifactId>
-				<version>1.33</version>
+				<version>2.3</version>
 			</dependency>
 			<dependency>
 				<groupId>io.netty</groupId>
@@ -1836,12 +1836,12 @@ under the License.
 							<rules>
 								<bannedDependencies>
 									<excludes>
-										<exclude>org.yaml:snakeyaml:(,1.31]</exclude>
+										<exclude>org.yaml:snakeyaml:(,2.2]</exclude>
 									</excludes>
 									<includes>
 										<!-- Snakeyaml is pulled in by many modules without using it in production,
 											so there's no benefit in us investing time into bumping these. -->
-										<include>org.yaml:snakeyaml:(,1.31]:*:test</include>
+										<include>org.yaml:snakeyaml:(,2.2]:*:test</include>
 									</includes>
 									<message>Older snakeyaml versions are not allowed due to security vulnerabilities.</message>
 								</bannedDependencies>
@@ -1857,7 +1857,7 @@ under the License.
 							<rules>
 								<bannedDependencies>
 									<excludes>
-										<exclude>com.fasterxml.jackson*:*:(,2.12.0]</exclude>
+										<exclude>com.fasterxml.jackson*:*:(,2.14.0]</exclude>
 									</excludes>
 									<message>Older jackson versions are not allowed due to security vulnerabilities.</message>
 								</bannedDependencies>