What is snakeyaml used for?

Question

keilw opened this issue 2 years ago · comments

There's just been a security warning about the snakeyaml dependency: https://github.com/eclipse/jnosql/security/dependabot/1
@otaviojava Where is it used?

Otávio Santana · Answer 1 · Mon Sep 12 2022 13:49:17 GMT+0800 (China Standard Time)

Hey @keilw, there is no "artemis-configuration" anymore.

It was before we decided to go to Eclipse MicroProfile Configuration.

Werner Keil · Answer 2 · Thu Sep 15 2022 03:06:36 GMT+0800 (China Standard Time)

Then we can simply remove the dependency to remove the threat.
Of course MP-Config was also a temporary solution ;-)