Request to Update snakeyaml Dependency to Address Security Vulnerabilities
xhdtn8070 opened this issue
Hello! Matej!
I am writing to bring to your attention a security concern related to the snakeyaml dependency used in the [Your Library's Name] project. Recently, I encountered a warning about vulnerable dependencies when using your library, specifically pointing to org.yaml:snakeyaml:1.33. This version of snakeyaml has been identified with critical security vulnerabilities, including CVE-2022-41854 and CVE-2022-1471, which pose significant risks.
Fortunately, a new version of snakeyaml (version 2.2) has been released that addresses these security issues. Considering the potential impact of these vulnerabilities, I kindly request that you consider updating the snakeyaml dependency in your project to this latest version.
This update would greatly enhance the security for all users of your library and help maintain the trust and reliability of the project.
Thank you for your attention to this matter and for your continued efforts in maintaining this valuable resource. I appreciate your prompt action in resolving this security concern.
Best regards,
Tony
https://mvnrepository.com/artifact/org.yaml/snakeyaml