Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
druid/extensions-contrib/cassandra-storage
History
Jan Werner fa2c8edb5d
unpin snakeyaml, add suppressions and licenses (#15549) 
* unpin snakeyaml globally, add suppressions and licenses
* pin snakeyaml in the specific modules that require version 1.x, update licenses and owasp suppression

This removes the pin of the Snakeyaml introduced in:  https://github.com/apache/druid/pull/14519
After the updates of io.kubernetes.java-client and io.confluent.kafka-clients, the only uses of the Snakeyaml 1.x are:
- in test scope, transitive dependency of jackson-dataformat-yaml🫙2.12.7
- in compile scope in contrib extension druid-cassandra-storage
- in compile scope in it-tests. 

With the dependency version un-pinned, io.kubernetes.java-client and io.confluent.kafka-clients bring Snakeyaml versions 2.0 and 2.2, consequently allowing to build a Druid distribution without the contrib-extension and free of vulnerable Snakeyaml versions.
 		2023-12-15 10:33:14 -08:00
..
src/main Migrate File.mkdirs to FileUtils.mkdirp. (#11879) 2021-11-09 11:10:49 -08:00
pom.xml unpin snakeyaml, add suppressions and licenses (#15549) 2023-12-15 10:33:14 -08:00