clj-yaml

lread 2023-02-26T14:09:24.905819Z

Looks like SnakeYAML 2.0 might be in the process of being released: https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes

borkdude 2023-02-26T14:28:17.704709Z

Uh oh

borkdude 2023-02-26T14:29:07.310109Z

Looks like bb users aren’t going to suffer greatly

lread 2023-02-26T14:32:05.184249Z

If a CVE gets raised against this new version, I think Andrey might implode

lread 2023-02-26T15:41:37.018279Z

Ok, I see it on Maven Central now: https://central.sonatype.com/artifact/org.yaml/snakeyaml/2.0/versions

borkdude 2023-02-26T15:44:19.197289Z

maybe a PR with an update could help detect if there are any breakages in the defaults

lread 2023-02-26T15:44:59.999989Z

If nobody else is interested I can take a peek at upgrading clj-yaml sometime soon. Perceived advantages to upgrade:
1. users would not get current CVE warning for snakeyaml 1.33
2. there might be some security fixes we did not entirely grok

lread 2023-02-26T15:45:18.779299Z

Yeah that sounds good @borkdude

borkdude 2023-02-26T21:40:38.506039Z

@lee What happened when you didn't add that new option?

borkdude 2023-02-26T21:43:11.082529Z

If I understand correctly, the unsafe-allow tests failed without that, right?

lread 2023-02-26T22:26:03.727979Z

That's right.