Skip to content

[Backport 2.x] [CVE] Update snakeyaml dependency#4347

Merged
reta merged 1 commit into2.xfrom
backport/backport-4341-to-2.x
Aug 30, 2022
Merged

[Backport 2.x] [CVE] Update snakeyaml dependency#4347
reta merged 1 commit into2.xfrom
backport/backport-4341-to-2.x

Conversation

@opensearch-trigger-bot
Copy link
Copy Markdown
Contributor

@opensearch-trigger-bot opensearch-trigger-bot bot commented Aug 30, 2022

Backport 4bccdbe from #4341

@adnapibar @github-actions
[CVE] Update snakeyaml dependency (#4341)
edd95c4 
The package `org.yaml:snakeyaml` before version 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Details at https://nvd.nist.gov/vuln/detail/CVE-2022-25857

Signed-off-by: Rabi Panda <adnapibar@gmail.com>
(cherry picked from commit 4bccdbe)
@opensearch-trigger-bot opensearch-trigger-bot bot requested review from a team and reta as code owners August 30, 2022 20:22
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Aug 30, 2022

Codecov Report

Merging #4347 (d4dd71c) into 2.x (d4dd71c) will not change coverage.
The diff coverage is n/a.

❗ Current head d4dd71c differs from pull request most recent head edd95c4. Consider uploading reports for the commit edd95c4 to get more accurate results

@@            Coverage Diff            @@
##                2.x    #4347   +/-   ##
=========================================
  Coverage     70.57%   70.57%           
  Complexity    56975    56975           
=========================================
  Files          4572     4572           
  Lines        273744   273744           
  Branches      40150    40150           
=========================================
  Hits         193205   193205           
  Misses        64398    64398           
  Partials      16141    16141

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Aug 30, 2022

Gradle Check (Jenkins) Run Completed with:

@reta reta merged commit c44d8e4 into 2.x Aug 30, 2022
@github-actions github-actions bot deleted the backport/backport-4341-to-2.x branch August 30, 2022 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reta reta reta approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codecov-commenter @reta @adnapibar