Skip to content

Commit

Permalink
Merge pull request #4 from Netcracker/dependabot-branch
Browse files Browse the repository at this point in the history 
Resolves vulnerability CVE-2022-1471
  • Loading branch information
@IldarMinaev
IldarMinaev authored Jan 22, 2025
2 parents 8c99196 + 6c277a6 commit eb4aa53
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ limitations under the License.
<properties>
<compiler.version>8</compiler.version>
<assembly.version>3.3.0</assembly.version>
<snakeyaml.version>1.32</snakeyaml.version>
<snakeyaml.version>2.0</snakeyaml.version>
<micrometer.version>1.9.0</micrometer.version>
</properties>

Expand Down
4 changes: 3 additions & 1 deletion src/main/java/org/qubership/log/generator/Generator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
import io.micrometer.prometheus.PrometheusConfig;
import io.micrometer.prometheus.PrometheusMeterRegistry;
import io.micrometer.prometheus.PrometheusRenameFilter;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;

Expand Down Expand Up @@ -277,7 +278,8 @@ private static Config getConfig(String path) throws IOException {
config.setConfig(new ArrayList<>());
for (String file : files) {
InputStream inputStream = Files.newInputStream(Paths.get(path + file));
Yaml yaml = new Yaml(new Constructor(Config.class));
LoaderOptions loaderOptions = new LoaderOptions();
Yaml yaml = new Yaml(new Constructor(Config.class, loaderOptions));
Config fileConfig = yaml.load(inputStream);
if (fileConfig != null && fileConfig.getConfig() != null && fileConfig.getConfig().size() > 0) {
config.getConfig().addAll(fileConfig.getConfig());
Expand Down

0 comments on commit eb4aa53

Please sign in to comment.