#clj-yaml
2023-01-12
lread 15:01:27

Great article! Makes me wonder about the design goals of YAML. I'm guessing unambiguous was not on the list.

lread 22:01:48

Just noticed that our nvd scan on clj-yaml was failing due to a bug in the scanner. Bumped and it is running again.

lread 22:01:01

And... it is reporting CVE-2022-3064, CVE-2021-4235 against snakeyaml.

lread 22:01:57

https://nvd.nist.gov/vuln/detail/CVE-2021-4235 seems like a false positive, I don't see snakeyaml listed.

lread 22:01:49

Can someone else double-check the above to make sure I'm not missing something? If not I can add these to the ignore list.

vemv 01:01:32

I can second they're FPs. Happy the bump worked!

lread 04:01:25

Thanks @U45T93RA6, and thank you also for the nvd-clojure fix!

slipset 07:01:26

We’re also having false positives at work ATM.