newrelic / newrelic-java-agent

The New Relic Java agent
Apache License 2.0

Update snakeyaml in agent build.gradle #1790

Closed kanderson250 closed 7 months ago

kanderson250 commented 7 months ago

WIP: do not merge

Resolves #1725

Upgrade snakeyaml dependency from 1.33 to 2.2 due to vulnerability CVE-2022-1471

Compatibility changes: A few of our config classes extend SafeConstructor. The default constructor for this class was previously deprecated and has been removed for snakeyaml >= 2.0:

```java
@Deprecated
SafeConstructor() { this(new LoaderOptions()); }
```

Subclasses in the agent have been updated to explicitly call `super(new LoaderOptions())` to match this behavior.
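The compatibility change described in this PR, as an added example that is not part of the PR or the agent's code: a `SafeConstructor` subclass written for snakeyaml 2.x, plus a check that a tag naming a Java class is still refused. `SafeConfigDemo`, `ExampleConfigConstructor`, the `!upper` tag and the sample YAML are hypothetical names constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.AbstractConstruct;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.nodes.Node;
import org.yaml.snakeyaml.nodes.ScalarNode;
import org.yaml.snakeyaml.nodes.Tag;

public class SafeConfigDemo {

    // Hypothetical config constructor, not an agent class.
    static class ExampleConfigConstructor extends SafeConstructor {
        ExampleConfigConstructor() {
            // snakeyaml >= 2.0 removed the no-arg SafeConstructor(),
            // so the LoaderOptions must be passed explicitly.
            super(new LoaderOptions());
            // Hypothetical local tag, showing that a subclass can still
            // register its own constructs after the super call.
            this.yamlConstructors.put(new Tag("!upper"), new AbstractConstruct() {
                @Override
                public Object construct(Node node) {
                    return constructScalar((ScalarNode) node).toUpperCase();
                }
            });
        }
    }

    static Object load(String yamlText) {
        return new Yaml(new ExampleConfigConstructor()).load(yamlText);
    }

    public static void main(String[] args) {
        // Constructed sample config using the local tag.
        Map<?, ?> cfg = (Map<?, ?>) load("app_name: !upper demo\nenabled: true\n");
        System.out.println("loaded: " + cfg);

        // Constructed input with a global tag that names a Java class.
        // SafeConstructor has no construct for it and throws.
        try {
            load("thing: !!java.io.File /tmp/x\n");
            System.out.println("unexpected: class tag was constructed");
        } catch (YAMLException e) {
            System.out.println("rejected class tag: " + e.getClass().getSimpleName());
        }
    }
}
```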

codecov-commenter commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.87%. Comparing base (cb8f2a8) to head (cf771ed). Report is 3 commits behind head on main.

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##               main    #1790      +/-   ##
============================================
+ Coverage     70.85%   70.87%   +0.02%
- Complexity     9946     9952       +6
============================================
  Files           826      827       +1
  Lines         39875    39880       +5
  Branches       6043     6043
============================================
+ Hits          28252    28266      +14
+ Misses         8894     8889       -5
+ Partials       2729     2725       -4
```


kanderson250 commented 7 months ago

Won't do due to changes in major version bump.