Resolving CVE-2022-1471 with the SnakeYAML 2.0
Comment From: pivotal-cla
@shitian9 Please sign the Contributor License Agreement!
Comment From: pivotal-cla
@shitian9 Thank you for signing the Contributor License Agreement!
Comment From: wilkinsona
Thanks for the proposal but, as mentioned in the pull request template, we don't accept pull requests for one-line dependency upgrades like this. We also can't upgrade to a new major version of SnakeYAML in a maintenance release (3.0.x) of Spring Boot. Lastly, there are some other compatibility issues to consider here such as the SnakeYAML support in Spring Framework and Jackson.