From c0421eb5859066d8105904306ab8cc48ba2b2abf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 06:45:55 +0000 Subject: [PATCH 1/2] Bump org.yaml:snakeyaml from 1.32 to 2.0 Bumps [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 1.32 to 2.0. - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.0..snakeyaml-1.32) --- updated-dependencies: - dependency-name: org.yaml:snakeyaml dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5bb4ad2..3e9ca19 100644 --- a/pom.xml +++ b/pom.xml @@ -27,7 +27,7 @@ limitations under the License. 8 3.3.0 - 1.32 + 2.0 1.9.0 From 6c277a69f8a829df27c5f5d89b90d4ec7afb5357 Mon Sep 17 00:00:00 2001 From: NikolaiKuziaevQubership Date: Wed, 22 Jan 2025 14:22:07 +0400 Subject: [PATCH 2/2] Resolves CVE-2022-1471 --- src/main/java/org/qubership/log/generator/Generator.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/qubership/log/generator/Generator.java b/src/main/java/org/qubership/log/generator/Generator.java index 0071bf4..099a5af 100644 --- a/src/main/java/org/qubership/log/generator/Generator.java +++ b/src/main/java/org/qubership/log/generator/Generator.java @@ -35,6 +35,7 @@ import io.micrometer.prometheus.PrometheusConfig; import io.micrometer.prometheus.PrometheusMeterRegistry; import io.micrometer.prometheus.PrometheusRenameFilter; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.Constructor; 
@@ -277,7 +278,8 @@ private static Config getConfig(String path) throws IOException {
 config.setConfig(new ArrayList<>());
 for (String file : files) {
 InputStream inputStream = Files.newInputStream(Paths.get(path + file));
- Yaml yaml = new Yaml(new Constructor(Config.class));
+ LoaderOptions loaderOptions = new LoaderOptions();
+ Yaml yaml = new Yaml(new Constructor(Config.class, loaderOptions));
 Config fileConfig = yaml.load(inputStream);
 if (fileConfig != null && fileConfig.getConfig() != null && fileConfig.getConfig().size() > 0) {
 config.getConfig().addAll(fileConfig.getConfig());
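Review bot: The two added lines rely entirely on the SnakeYAML 2.x `LoaderOptions` defaults for the CVE-2022-1471 mitigation (on 2.0 the default tag inspector rejects global `!!class` tags), yet nothing in the hunk records that, and the same two lines compile against 1.x where the defaults give no such protection; add a comment such as `// SnakeYAML 2.x: the default LoaderOptions rejects global (!!class) tags — that default is the CVE-2022-1471 fix; do not relax the tag inspector here` so the invariant survives the next refactor. If the config files never use explicit `!!` tags, pinning it with `loaderOptions.setTagInspector(tag -> false);` would make the restriction explicit rather than inherited (confirm against the 2.0 API before relying on it). Neither `loaderOptions` nor `yaml` depends on the loop variable, so both could be built once before the `for` as `Yaml yaml = new Yaml(new Constructor(Config.class, new LoaderOptions()));`. The `InputStream` from `Files.newInputStream` is not closed anywhere in the hunk; unless it is closed later in `getConfig` (whose body continues outside the hunk), wrapping it in try-with-resources would avoid leaking one file handle per config file.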