The library org.yaml:snakeyaml version 1.32 detected

OHDSI / WebAPI

OHDSI WebAPI contains all OHDSI services that can be called from OHDSI applications

Apache License 2.0

126 stars 156 forks source link

The library org.yaml:snakeyaml version 1.32 detected #2314

Open davidhcar opened 8 months ago

davidhcar commented 8 months ago

Expected behavior

The library org.yaml:snakeyaml version should be 2.0 per PR https://github.com/OHDSI/WebAPI/pull/2237. It does not seem to update newer version, are there any additional configuration to force the version 2.0? please advise.

Actual behavior

The library org.yaml:snakeyaml version 1.32 was detected in Maven library manager located at /WebAPI.war. reference: https://github.com/advisories/GHSA-mjmj-j48q-9wg2

Steps to reproduce behavior

The latest 2.13.0.

chrisknoll commented 8 months ago

It is set to version 2.0 in the master's pom.xml. This hasn't been released yet, could it be you are looking at a prior version?

davidhcar commented 8 months ago

Thanks @chrisknoll That explains it, its not in the 2.13 release, I see the timeline around March for this PR so did not think it was not in the release. Could we release this as a hotfix as it's a CRITICAL ?