The currently used SnakeYAML v1.27 has multiple security vulnerabilities. Specifically:
CVE-2022-1471
CVE-2022-25857
CVE-2022-41854
CVE-2022-38750
CVE-2022-38751
CVE-2022-38749
CVE-2022-38752
This PR updates SnakeYAML to v2.2, which is currently the latest version. Alternatively, updating to v2.0 or v2.1 would also resolve all of the vulnerabilities.
I did not find any compatibility issues with the update, but I'm also not that familiar with SnakeYAML or with your codebase, so I might have missed something. Apologies if applying this update is not feasible.