-
Notifications
You must be signed in to change notification settings - Fork 950
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grails 6.1.0 based application references snakeyaml 1.30 #13217
Comments
stefanbozic
changed the title
Grails 6.1.0 references snakeyaml 1.30
Grails 6.1.0 based application references snakeyaml 1.30
Nov 22, 2023
Snakeyaml version can be set globally in snakeyaml.version=2.2 which will overwrite the version for spring-boot-starter +--- org.springframework.boot:spring-boot-starter -> 2.7.16
| +--- org.springframework.boot:spring-boot:2.7.16 (*)
| +--- org.springframework.boot:spring-boot-autoconfigure:2.7.16 (*)
| +--- org.springframework.boot:spring-boot-starter-logging:2.7.16
| | +--- ch.qos.logback:logback-classic:1.2.12
| | | +--- ch.qos.logback:logback-core:1.2.12
| | | \--- org.slf4j:slf4j-api:1.7.32 -> 1.7.36
| | +--- org.apache.logging.log4j:log4j-to-slf4j:2.17.2
| | | +--- org.slf4j:slf4j-api:1.7.35 -> 1.7.36
| | | \--- org.apache.logging.log4j:log4j-api:2.17.2
| | \--- org.slf4j:jul-to-slf4j:1.7.36
| | \--- org.slf4j:slf4j-api:1.7.36
| +--- jakarta.annotation:jakarta.annotation-api:1.3.5 -> 2.0.0
| +--- org.springframework:spring-core:5.3.30 (*)
| \--- org.yaml:snakeyaml:1.30 -> 2.2 and also for the micronaut-core etc | | +--- io.micronaut:micronaut-core:3.10.2
| | | \--- org.slf4j:slf4j-api:1.7.36
| | \--- org.yaml:snakeyaml:2.0 -> 2.2 |
guillermocalvo
pushed a commit
that referenced
this issue
Nov 30, 2023
to override SpringBoot BOM Fixes #13217
Merged
puneetbehl
added a commit
that referenced
this issue
Dec 6, 2023
to override SpringBoot BOM Fixes #13217 Co-authored-by: Puneet Behl <behlp@unityfoundation.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
The release notes states
"Remove explicit 1.33 from SnakeYaml to auto resolve to Snake YAML 2"
Actual Behaviour
The latestSnakeyaml version 2.2 is NOT found in the dependency report of an Grails 6.1.0 application.
Instead ther are multiple entries like the following in the dependencies report
org.yaml:snakeyaml:2.0 -> 1.30
The old snakeyaml version is shipped with spring-boot-starter
Steps To Reproduce
Environment Information
Example Application
No response
Version
6.1.0
The text was updated successfully, but these errors were encountered: