fixes #1954 Upgrade snakeyaml to 2.2 from 1.33 to resolve security vu… #1955

Merged: 4 commits, Nov 5, 2023

Conversation

stevehu
Contributor

@stevehu stevehu commented Nov 3, 2023

…lnerabilities for 1.6.x branch

@miklish miklish changed the title fixes #1954 Upgrade snakeyaml to 2.1 from 1.33 to resolve security vu… fixes #1954 Upgrade snakeyaml to 2.2 from 1.33 to resolve security vu… Nov 5, 2023
@miklish
Collaborator

miklish commented Nov 5, 2023

Hi @stevehu - Where are the updates to the pom?

miklish pushed a commit that referenced this pull request Nov 5, 2023
…as code needed to make light-4j 1.6.x compatible with snakeyaml 2.2
@miklish
Collaborator

miklish commented Nov 5, 2023

@stevehu - please see the discussion in commit adc9196 ('downgrade snakeyaml to 2.2') about the snakeyaml update in pom that does not have associated changes needed in the code

miklish pushed a commit that referenced this pull request Nov 5, 2023
…as code needed to make light-4j 1.6.x compatible with Jackson 2.14.0 (see comments here 0c83580#commitcomment-131731260)
@stevehu stevehu merged commit a88a104 into 1.6.x Nov 5, 2023
@stevehu stevehu deleted the issue1954 branch November 5, 2023 15:16
stevehu pushed a commit that referenced this pull request Nov 6, 2023
* Update Update variable names for Token Connection and Request Timeouts

* Update Update variable names for Token Connection and Request Timeouts

* downgrade to snakeyaml 1.33 until PR #1955 is merged, since PR 1955 has code needed to make light-4j 1.6.x compatible with snakeyaml 2.2

* downgrade to jackson 2.14.0 until PR #1955 is merged, since PR 1955 has code needed to make light-4j 1.6.x compatible with Jackson 2.14.0 (see comments here 0c83580#commitcomment-131731260)

* Update TokenRequest.java

To align to existing code, Add new line at EOF

---------

Co-authored-by: Jaydeep.Parekh@cibc.com <jaydeep.parekh@cibc.com>
Co-authored-by: Michael Christoff <mike.christoff@cibc.com>