java-faker

vulnerabilities in dependency: snakeyaml

Open BeBitbox opened this issue 3 years ago • 1 comments

There is a critical vulnerability in the library snakeYAML: https://mvnrepository.com/artifact/org.yaml/snakeyaml

Update to a version +1.26: Proposed solution

<dependency>
    <groupId>org.yaml</groupId>
    <artifactId>snakeyaml</artifactId>
    <version>1.30</version>
</dependency>

BeBitbox, Jan 17 '22 13:01

Absolutely correct. We've created a port of Javafaker, called https://www.datafaker.net, which doesn't have this issue (we fixed the CVE, and removed most other dependencies). It's a direct replacement with the same API, but actively maintained, no CVEs, 10-30% faster, etc.

bodiam, Feb 14 '22 12:02