hortonworks · gkomlossi · Jan 9, 2023 · Feb 7, 2023
diff --git a/build.gradle b/build.gradle
@@ -72,6 +72,11 @@ subprojects {
                     strictly project.versions_slf4j
                 }
             }
+            compile(libraries.snakeyaml) {
+                version {
+                    strictly project.versions_snakeyaml
+                }
+            }
             compile(libraries.swagger) {
                 version {
                     strictly project.versions_swagger

diff --git a/dependencies.gradle b/dependencies.gradle
@@ -68,7 +68,6 @@ ext.libraries = [
       annotations    : "com.fasterxml.jackson.core:jackson-annotations",
       core           : "com.fasterxml.jackson.core:jackson-core",
       databind       : "com.fasterxml.jackson.core:jackson-databind",
-      dataformat     : "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml",
       dataformat_csv : "com.fasterxml.jackson.dataformat:jackson-dataformat-csv",
       dataformat_yaml: "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml",
       datatype_json_org : "com.fasterxml.jackson.datatype:jackson-datatype-json-org",
@@ -180,6 +179,7 @@ ext.libraries = [
    mysql8            : "mysql:mysql-connector-java:8.0.32",
 
    servlet_api        : "javax.servlet:servlet-api:$versions_servlet_api",
+   snakeyaml          : "org.yaml:snakeyaml",
 
    validation_api     : "javax.validation:validation-api:$versions_validation_api",
    validation_api2    : "jakarta.validation:jakarta.validation-api",

diff --git a/gradle.properties b/gradle.properties
@@ -52,7 +52,7 @@ versions_plexus_dispatcher = 1.4
 versions_pmml = 1.0.22
 versions_postgresql=42.4.1
 versions_slf4j = 1.7.32
-versions_snakeyaml = 1.27
+versions_snakeyaml = 1.33
 versions_servlet_api = 2.5
 versions_validation_api = 1.1.0.Final
 

diff --git a/registry-common-client/build.gradle b/registry-common-client/build.gradle
@@ -27,7 +27,6 @@ gversion {
 dependencies {
 
     compile libraries.jackson.databind
-    compile libraries.jackson.dataformat
 
     compile libraries.logging.slf4j_api
 

diff --git a/registry-common/build.gradle b/registry-common/build.gradle
@@ -26,9 +26,7 @@ dependencies {
     compile libraries.jackson.core
     compile libraries.jackson.databind
     compile libraries.jackson.annotations
-    compile libraries.jackson.dataformat_yaml
-    compile libraries.jackson.mapper
-
+
     compile libraries.libphonenumber
 
     compile libraries.jaxb_api

diff --git a/schema-registry/schema-registry-client/build.gradle b/schema-registry/schema-registry-client/build.gradle
@@ -24,10 +24,10 @@ dependencies {
     compile("com.fasterxml.jackson.datatype:jackson-datatype-joda")
     compile("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
     compile("com.fasterxml.jackson.module:jackson-module-parameter-names")
-    compile("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml")
     compile("com.fasterxml.jackson.core:jackson-annotations")
 
     constraints {
+        compile("org.yaml:snakeyaml") { version { strictly project.versions_snakeyaml } }
         compile("com.fasterxml.jackson.core:jackson-core") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.core:jackson-databind") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.datatype:jackson-datatype-json-org") { version { strictly project.versions_jackson2 } }
@@ -36,10 +36,11 @@ dependencies {
         compile("com.fasterxml.jackson.datatype:jackson-datatype-joda") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.datatype:jackson-datatype-jsr310") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.module:jackson-module-parameter-names") { version { strictly project.versions_jackson2 } }
-        compile("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.core:jackson-annotations") { version { strictly project.versions_jackson2 } }
     }
 
+    compile libraries.snakeyaml
+
     compile(project(':schema-registry:schema-registry-common')) {
         exclude group: 'javax.validation', module: 'validation-api'
         exclude group: 'com.fasterxml.jackson.core'

diff --git a/.../src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java b/.../src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java
@@ -106,6 +106,8 @@
 import com.hortonworks.registries.shaded.javax.ws.rs.client.WebTarget;
 import com.hortonworks.registries.shaded.javax.ws.rs.core.MediaType;
 import com.hortonworks.registries.shaded.javax.ws.rs.core.Response;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
+
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -231,7 +233,7 @@ public SchemaRegistryClient(File confFile) throws IOException {
     @SuppressWarnings("unchecked")
     private static Map<String, ?> buildConfFromFile(File confFile) throws IOException {
         try (FileInputStream fis = new FileInputStream(confFile)) {
-            return (Map<String, Object>) new Yaml().load(IOUtils.toString(fis, StandardCharsets.UTF_8));
+            return new Yaml(new SafeConstructor()).load(IOUtils.toString(fis, StandardCharsets.UTF_8));
         }
     }
 

diff --git a/schema-registry/schema-registry-serdes/build.gradle b/schema-registry/schema-registry-serdes/build.gradle
@@ -32,7 +32,6 @@ dependencies {
         compile("com.fasterxml.jackson.datatype:jackson-datatype-joda") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.datatype:jackson-datatype-jsr310") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.module:jackson-module-parameter-names") { version { strictly project.versions_jackson2 } }
-        compile("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml") { version { strictly project.versions_jackson2 } }
         compile("com.fasterxml.jackson.core:jackson-annotations") { version { strictly project.versions_jackson2 } }
         compile("org.glassfish.jersey.media:jersey-media-json-jackson") { version { strictly project.versions_jersey2 } }
         compile("org.glassfish.jersey.core:jersey-common") { version { strictly project.versions_jersey2 } }

diff --git a/...tonworks/registries/schemaregistry/avro/helper/SchemaRegistryTestServerClientWrapper.java b/...tonworks/registries/schemaregistry/avro/helper/SchemaRegistryTestServerClientWrapper.java
@@ -22,6 +22,7 @@
 import com.hortonworks.registries.schemaregistry.webservice.LocalSchemaRegistryServer;
 import org.apache.commons.io.IOUtils;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import java.io.FileInputStream;
 import java.net.URISyntaxException;
@@ -102,7 +103,7 @@ private Map<String, Object> createClientConf() {
             return ret;
         }
         try (FileInputStream fis = new FileInputStream(schemaRegistryTestConfiguration.getClientYAMLPath())) {
-            Map<String, Object> ret = new Yaml().load(IOUtils.toString(fis, StandardCharsets.UTF_8));
+            Map<String, Object> ret = new Yaml(new SafeConstructor()).load(IOUtils.toString(fis, StandardCharsets.UTF_8));
             ret.put("schema.registry.url", registryURL);
             return ret;
         } catch (Exception e) {