Looks SnakeYAML 2.0 might be in process of being released https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes
Uh oh
Looks like bb users aren’t going to suffer greatly
If a CVE gets raised against this new version, I think Andrey might implode
Ok, I see it on maven central now: https://central.sonatype.com/artifact/org.yaml/snakeyaml/2.0/versions
maybe a PR with an update could help detect if there's any breakages in the defaults
If nobody else is interested I can take a peek at upgrading clj-yaml sometime soon. Perceived advantages to upgrade: 1. users would not get current CVE warning for snakeyaml 1.33 2. there might be some security fixes we did not entirely grok
Yeah that sounds good @borkdude
@lee What happened when you didn't add that new option?
If I understand correctly, the unsafe-allow tests failed without that, right?
That's right.