clj-yaml

vxe 2023-08-03T11:13:20.621079Z

@vxe has joined the channel

vxe 2023-08-03T12:10:50.692129Z

are there any plans to update to SnakeYaml 2.0 ? I just worked through a dependency bug with the https://github.com/kubernetes-client/java which is using 2.0 and seems incompatible with clj-yaml which is using 1.33. I have a workaround but was wondering if an update is on the horizon. thanks

lread 2023-08-03T12:28:16.952279Z

Hi @vxe, yup, we were going to wait for SnakeYAML 2.1. We figured the dust would have settled for 2.x by then. What dependency bug did you hit? Are you referring to the CVE?

lread 2023-08-03T12:28:39.813949Z

Or is it just a conflict in deps?

lread 2023-08-03T12:35:22.915149Z

According to https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes they usually release twice a year (Feb and Aug), so maybe a 2.1 release is coming soon.

lread 2023-08-03T12:36:31.828549Z

But let us know if you are blocked on this.

vxe 2023-08-03T12:45:38.392509Z

hey no worries, just a dependency and i have a workaround, will keep an eye out for the next release, thanks for the quick response

👍 1