From 22bc35e929a098a94c0925693a07e239fd93d9f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Bianchin?= Date: Fri, 28 Apr 2023 13:49:38 +0200 Subject: [PATCH] Upgrade snakeyaml to 2.0 Includes CVE fix https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in for https://nvd.nist.gov/vuln/detail/CVE-2022-1471 --- testng-core/src/main/java/org/testng/internal/Yaml.java | 7 ++++--- versions.properties | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/testng-core/src/main/java/org/testng/internal/Yaml.java b/testng-core/src/main/java/org/testng/internal/Yaml.java index dc44cbe5f..4001b1fa7 100644 --- a/testng-core/src/main/java/org/testng/internal/Yaml.java +++ b/testng-core/src/main/java/org/testng/internal/Yaml.java @@ -15,6 +15,7 @@ import org.testng.xml.XmlScript; import org.testng.xml.XmlSuite; import org.testng.xml.XmlTest; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.TypeDescription; import org.yaml.snakeyaml.constructor.Constructor; import org.yaml.snakeyaml.nodes.MappingNode; @@ -30,7 +31,7 @@ private Yaml() {} public static XmlSuite parse(String filePath, InputStream is, boolean loadClasses) throws FileNotFoundException { - Constructor constructor = new TestNGConstructor(XmlSuite.class); + Constructor constructor = new TestNGConstructor(XmlSuite.class, new LoaderOptions()); { TypeDescription suiteDescription = new TypeDescription(XmlSuite.class); suiteDescription.addPropertyParameters("packages", XmlPackage.class); @@ -301,8 +302,8 @@ private static void toYaml(StringBuilder sb, String sp, Map para private static class TestNGConstructor extends Constructor { - public TestNGConstructor(Class theRoot) { - super(theRoot); + public TestNGConstructor(Class theRoot, LoaderOptions loadingConfig) { + super(theRoot, loadingConfig); yamlClassConstructors.put(NodeId.scalar, new ConstructParallelMode()); yamlClassConstructors.put(NodeId.mapping, new ConstructXmlScript()); } 
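Review bot: In `parse`, the `new LoaderOptions()` handed to `TestNGConstructor` carries the whole security benefit of this upgrade, yet nothing at the call site records that the defaults are being relied on. To my knowledge SnakeYAML 2.0's default options refuse global type tags, which is the behaviour behind the CVE-2022-1471 fix, so a comment such as `// Default LoaderOptions reject global type tags (CVE-2022-1471); do not install a permissive TagInspector.` would stop a later edit from quietly undoing it. If suite YAML can come from a source the user does not control, consider naming the options and tightening them, e.g. `loaderOptions.setAllowDuplicateKeys(false);`. The diffstat lists no test file, so a regression test asserting that `parse` rejects a document carrying a type tag outside the TestNG xml model would pin this. `parse` continues beyond the hunk, so how the `Yaml` instance is created from this constructor should be checked to confirm it uses the same options.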
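Review bot: The widened `TestNGConstructor(Class theRoot, LoaderOptions loadingConfig)` has no documentation saying what the second argument controls, and it lets any future caller supply whatever options it likes. A short Javadoc would do, for example `/** @param loadingConfig SnakeYAML loader options (tag inspector, input limits); pass the restrictive defaults unless there is a reviewed reason not to. */`. The `public` modifier on a constructor of a `private static` nested class also adds nothing and could be dropped. The class body continues outside the hunk.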
diff --git a/versions.properties b/versions.properties index 641e2929a..9a7016ba1 100644 --- a/versions.properties +++ b/versions.properties @@ -128,7 +128,7 @@ version.org.webjars..jquery=3.6.1 version.org.xmlunit..xmlunit-assertj=2.9.0 -version.org.yaml..snakeyaml=1.33 +version.org.yaml..snakeyaml=2.0 version.org.slf4j..slf4j-simple=1.7.36 ## # available=1.8.0-alpha0