Bumped version of Snake Yaml from 1.15 to 1.28 - CVE-2017-18640 - CWE-189 #3275

Coduz · 2021-03-16T09:14:13Z

This PR bumps the version of Snake YAML from 1.15 to 1.28.

Related Issue
None

Description of the solution adopted
Bumped the version.

CQ filed: 23168

Screenshots
None

Any side note on the changes made
None

Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>

codecov · 2021-03-16T14:09:37Z

Codecov Report

Merging #3275 (e51fbc6) into develop (3eefc99) will decrease coverage by 26.03%.
The diff coverage is n/a.

@@              Coverage Diff               @@
##             develop    #3275       +/-   ##
==============================================
- Coverage      51.47%   25.43%   -26.04%     
+ Complexity       764      657      -107     
==============================================
  Files           1467     1467               
  Lines          29943    29943               
  Branches        2504     2504               
==============================================
- Hits           15414     7617     -7797     
- Misses         13657    21724     +8067     
+ Partials         872      602      -270

Impacted Files	Coverage Δ	Complexity Δ
...rc/main/java/org/eclipse/kapua/KapuaException.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...c/main/java/org/eclipse/kapua/KapuaErrorCodes.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...in/java/org/eclipse/kapua/broker/BrokerDomain.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...ain/java/org/eclipse/kapua/event/ServiceEvent.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...n/java/org/eclipse/kapua/broker/BrokerDomains.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...va/org/eclipse/kapua/commons/util/SystemUtils.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
...n/java/org/eclipse/kapua/model/domain/Actions.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
.../java/org/eclipse/kapua/message/KapuaPosition.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
.../java/org/eclipse/kapua/KapuaRuntimeException.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
.../java/org/eclipse/kapua/model/query/SortOrder.java	`0.00% <0.00%> (-100.00%)`	`0.00% <0.00%> (ø%)`
... and 548 more

Bumped version of SnakeYaml to 1.28 - CVE-2017-18640 - CWE-189

997196b

Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>

Coduz added Security This issue/PR has some security critical aspect and should be issued as soon as possible Dependencies PR that updates dependencies. Be on the edge! labels Mar 16, 2021

Coduz requested a review from lorthirk March 16, 2021 09:14

Coduz added the CQ pending This PR needs a CQ to be approved from Eclipse before merging. label Mar 16, 2021

lorthirk approved these changes Mar 17, 2021

View reviewed changes

lorthirk merged commit 7f08c8d into eclipse:develop Mar 17, 2021

Coduz deleted the chng-bumpSnakeYamlTo1.28 branch March 17, 2021 10:34

Coduz added CQ approved The PR has passed CQ approvation and removed CQ pending This PR needs a CQ to be approved from Eclipse before merging. labels Mar 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bumped version of Snake Yaml from 1.15 to 1.28 - CVE-2017-18640 - CWE-189 #3275

Bumped version of Snake Yaml from 1.15 to 1.28 - CVE-2017-18640 - CWE-189 #3275

Coduz commented Mar 16, 2021 •

edited

Loading

codecov bot commented Mar 16, 2021 •

edited

Loading

Bumped version of Snake Yaml from 1.15 to 1.28 - CVE-2017-18640 - CWE-189 #3275

Bumped version of Snake Yaml from 1.15 to 1.28 - CVE-2017-18640 - CWE-189 #3275

Conversation

Coduz commented Mar 16, 2021 • edited Loading

codecov bot commented Mar 16, 2021 • edited Loading

Codecov Report

Coduz commented Mar 16, 2021 •

edited

Loading

codecov bot commented Mar 16, 2021 •

edited

Loading