Closed
Description
Expected Behavior
The release notes states
"Remove explicit 1.33 from SnakeYaml to auto resolve to Snake YAML 2"
Actual Behaviour
The latestSnakeyaml version 2.2 is NOT found in the dependency report of an Grails 6.1.0 application.
Instead ther are multiple entries like the following in the dependencies report
org.yaml:snakeyaml:2.0 -> 1.30The old snakeyaml version is shipped with spring-boot-starter
+--- org.springframework.boot:spring-boot-starter -> 2.7.16
| +--- org.springframework.boot:spring-boot:2.7.16 (*)
| +--- org.springframework.boot:spring-boot-autoconfigure:2.7.16 (*)
| +--- org.springframework.boot:spring-boot-starter-logging:2.7.16
| | +--- ch.qos.logback:logback-classic:1.2.12
| | | +--- ch.qos.logback:logback-core:1.2.12
| | | \--- org.slf4j:slf4j-api:1.7.32 -> 1.7.36
| | +--- org.apache.logging.log4j:log4j-to-slf4j:2.17.2
| | | +--- org.slf4j:slf4j-api:1.7.35 -> 1.7.36
| | | \--- org.apache.logging.log4j:log4j-api:2.17.2
| | \--- org.slf4j:jul-to-slf4j:1.7.36
| | \--- org.slf4j:slf4j-api:1.7.36
| +--- jakarta.annotation:jakarta.annotation-api:1.3.5 -> 2.0.0
| +--- org.springframework:spring-core:5.3.30 (*)
| \--- org.yaml:snakeyaml:1.30
Steps To Reproduce
- Create an empty project via "grails create-app test6_1_0"
- In this new project call "./gradlew dependencies"
- You will find several occurences of "org.yaml:snakeyaml:2.0 -> 1.30"
Environment Information
$ ./gradlew -v
------------------------------------------------------------
Gradle 7.6.3
------------------------------------------------------------
Build time: 2023-10-04 15:59:47 UTC
Revision: 1694251d59e0d4752d547e1fd5b5020b798a7e71
Kotlin: 1.7.10
Groovy: 3.0.13
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 11.0.20 (Azul Systems, Inc. 11.0.20+8-LTS)
OS: Windows 10 10.0 amd64Example Application
No response
Version
6.1.0
Metadata
Metadata
Assignees
Labels
No labels