Upgrading SnakeYAML and Spring Boot to address CVE-2022-1471 (!43) · Merge requests · OSDU Software / OSDU Data Platform / System / Lib / cloud / gcp / OSM

David Diederich requested to merge upgrade-snakeyaml into main Apr 07, 2023

This upgrades the SnakeYAML dependency to be version 2.0, addressing a critical security vulnerability (CVE-2022-1471).

It required explicitly setting the dependency rather than allowing it to be inherited from Spring Boot.

Furthermore, Spring Boot 2.7.2 wasn't compatible with the SnakeYAML upgrade, so I upgraded that to 2.7.10 to pass the tests.

Closes #3

Edited Apr 07, 2023 by David Diederich

Admin message