search

eclipse / jnosql

Eclipse JNoSQL is a framework which has the goal to help Java developers to create Jakarta EE applications with NoSQL.
Other
231 stars 72 forks source link

What is snakeyaml used for? #281

Closed keilw closed 2 years ago

keilw commented 2 years ago

There's just been a security warning about the snakeyaml dependency: https://github.com/eclipse/jnosql/security/dependabot/1 @otaviojava Where is it used?

otaviojava commented 2 years ago

Hey @keilw, there is no "artemis-configuration" anymore.

https://github.com/eclipse/jnosql/tree/main/jnosql-mapping

It was before we decided to go to Eclipse MicroProfile Configuration.

keilw commented 2 years ago

Then we can simply remove the dependency to remove the threat. Of course MP-Config was also a temporary solution ;-)