
Vulnerability in snakeyaml

Open moeshue opened this issue 3 years ago • 1 comment

Is this a support request? This issue tracker is maintained by LaunchDarkly SDK developers and is intended for feedback on the SDK code. If you're not sure whether the problem you are having is specifically related to the SDK, or to the LaunchDarkly service overall, it may be more appropriate to contact the LaunchDarkly support team; they can help to investigate the problem and will consult the SDK team if necessary. You can submit a support request by going here or by emailing [email protected].

Note that issues filed on this issue tracker are publicly accessible. Do not provide any private account information on your issues. If your problem is specific to your account, you should submit a support request as described above.

Describe the bug It's not a bug but just a vulnerability, and we cannot override snakeyaml's version since it's wrapped in the jar.

To reproduce https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

Expected behavior snakeyaml is upgraded to 1.31

Logs If applicable, add any log output related to your problem.

SDK version latest 5.10.0

Language version, developer tools Java

OS/platform For instance, Ubuntu 16.04, Windows 10, or Android 4.0.3. If your code is running in a browser, please also include the browser type and version.

Additional context Add any other context about the problem here.

moeshue, Sep 01 '22 21:09
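Because the vulnerable snakeyaml is bundled inside the SDK jar rather than declared as a normal dependency, a build-tool version override cannot see it; the check has to look inside the jar. The script below is an added example (not from the issue, Snyk or the LaunchDarkly SDK) that reads the bundled artifact's Maven metadata and compares it to the 1.31 floor the issue asks for. It assumes the shading kept `META-INF/maven/<group>/snakeyaml/pom.properties` in the jar; the sample jar is constructed inline.

```python
"""Scan a jar for a bundled (shaded) snakeyaml and compare its version to a fix floor."""
import io
import re
import zipfile

# The issue asks for snakeyaml 1.31; anything older is flagged.
MIN_SAFE_VERSION = "1.31"

# Shaded jars usually keep the Maven metadata of the bundled artifact
# (assumption: shading did not strip or relocate META-INF/maven).
POM_PROPS_RE = re.compile(r"META-INF/maven/[^/]+/snakeyaml/pom\.properties$")


def parse_version(version):
    """Turn '1.30' or '1.31.1' into a comparable tuple of integers."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def find_bundled_snakeyaml(jar_bytes):
    """Return the bundled snakeyaml version string, or None if no metadata was found."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not POM_PROPS_RE.search(name):
                continue
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                key, sep, value = line.partition("=")
                if sep and key.strip() == "version":
                    return value.strip()
    return None


def is_vulnerable(version, floor=MIN_SAFE_VERSION):
    """True when the bundled version is older than the fix floor."""
    return parse_version(version) < parse_version(floor)


def build_sample_jar(version):
    """Construct a minimal fat jar with snakeyaml Maven metadata (sample data, not a real SDK jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties",
                     f"groupId=org.yaml\nartifactId=snakeyaml\nversion={version}\n")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("1.30", "1.31"):
        found = find_bundled_snakeyaml(build_sample_jar(sample))
        print(sample, "->", "vulnerable" if is_vulnerable(found) else "ok")
```

To check a real SDK jar, pass its bytes to `find_bundled_snakeyaml`; a `None` result means the metadata was not found and the classes themselves need inspecting.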

Thanks. We should be able to put out a patch release shortly.

eli-darkly, Sep 02 '22 17:09

Fixed in the 5.10.1 release.

eli-darkly, Sep 06 '22 16:09

Fixed in the 5.10.1 release.

Thank you so much!

moeshue, Sep 07 '22 05:09