File snakeyaml.changes of Package snakeyaml

-------------------------------------------------------------------
Thu May  2 13:24:11 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Modified patch:
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + remove unused List variable that was originally used for
      debugging purposes

-------------------------------------------------------------------
Mon Apr 29 11:44:13 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- The binaries are compatible with java 1.8

-------------------------------------------------------------------
Tue Apr 16 13:55:05 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstrem version 2.2
  * Changes of 2.2
    + Define default scalar style as PLAIN (for polyglot Maven)
    + Add missing 'exports org.yaml.snakeyaml.inspector' to
      module-info.java
  * Changes of 2.1
    + Heavy Allocation in Emitter.analyzeScalar(String) due to Regex
      Overhead. Fixes 1075.
    + Use identity in toString() for sequences to avoid
      OutOfMemoryError. Fixes 1064.
    + NumberFormatException from SnakeYAML due to int overflow for
      corrupt YAML version. Fixes 1061.
    + Document size limit should be applied to single document not
      the whole input stream. Fixes 1065.
    + Detect invalid Unicode code point (thanks to Tatu Saloranta).
      Fixes 576.
    + Remove Trusted*Inspector classes from main sources tree
  * Changes of 2.0
    + Rollback to Java 7 target. Fixes 570.
    + Add module-info.java. Fixes 495.
    + Migrate to Java 8
    + Remove many deprecated constructors
    + Remove long deprecated methods in FlowStyle
    + Do not allow global tags by default. Fixes 565.
    + Yaml.LoadAs() signature to support Class<? super T> type
      instead of Class<T>. Fixes 556.
    + CustomClassLoaderConstructor takes LoaderOptions
    + Check input parameters for non-null values
- Removed patch:
  * 0003-Fix-ReaderBomTest.patch
    + not needed
- Modified patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch ->
    0001-Remove-external-Base64Coder-and-use-provided-Base64.patch
    + use the patch integrated for inclusion in 2.3
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + regenerate and fix tests

-------------------------------------------------------------------
Wed Feb 21 17:28:08 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Use %patch -P N instead of deprecated %patchN.

-------------------------------------------------------------------
Tue Oct 18 07:17:01 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Fix --with tests build

-------------------------------------------------------------------
Mon Oct 17 17:05:58 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream release 1.33
  * Fixes
    + bsc#1204173
    + bsc#1203154 (CVE-2022-38752)
  * Changes of 1.33
    + Remove some deprecated unused methods
    + Fix #555: Fixed Github actions
    + Fix #553: LoaderOptions.setCodePointLimit() not honored by
      loadAll()
    + Fix #554: Always emit numberish strings with quotes
  * Changes of 1.32
    + Fix #543: show the configuration in the test
    + Fix #531: provide configuration to fail early
    + Fix #547: Set the limit for incoming data to prevent a CVE
      report in NIST. By default it is 3MB
    + Fix #544: Support unescaped unicode characters for
      double-quoted scalars
- Modified patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + rebase
- Added patch:
  * 0003-Fix-ReaderBomTest.patch
    + remove two tests that require unicode boms

-------------------------------------------------------------------
Wed Sep  7 07:30:01 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream release 1.31
  * Fixes
    + bsc#1202932 (CVE-2022-25857)
    + bsc#1203149 (CVE-2022-38749)
    + bsc#1203153 (CVE-2022-38751)
    + bsc#1203158 (CVE-2022-38750)
  * Changes of 1.31
    + Fix #539: false positive CVE-2020-13936 (bsc#1183360)
    + Fix #537: Improved RE for integers
    + Improve restrictions against DoS attacks
    + Fix #525: Restrict nested depth for collections to avoid DoS
      attacks
    + Fix #522: De-serializing key "on" fails with Exception
    + Example with Lombok and ENV variable substitution was added
    + reported issue with trailing TAB
    + fixes for reading and writing comments
  * Changes of 1.30
    + Migrate to new home: snakeyaml/snakeyaml
    + fixes for reading and writing comments
    + Fix #506: Improve parsing a number starting with 0x
  * Changes of 1.29
    + fixes for reading and writing comments
- Modified patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + rebase

-------------------------------------------------------------------
Sat May 15 17:33:53 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream release 1.28
  * Fixes bsc#1159488, bsc#1186088, CVE-2017-18640
  * Changes of 1.28
    + Add possibility to construct enum with case sensitivity
    + Fix #493: substitution default can contain special characters
    + Add possibility to read and write comments
    + Fix #485: Alias names are too permissive compared to libyaml
      and future spec
  * Changes of 1.27
    + Update #307: add example
    + Add: build with CI on github
    + Fix #481: Serialize anchors that are not used by any alias
    + Fix #416: Improve dumping sequences
    + Fix #480: Anchor allows non ASCII characters while dumping
    + Fix #476: Make constructor of EnvScalarConstructor public
    + Fix #474: Parse the value of byte and short after a narrowing
      primitive conversion
    + Fix yet another OWASP false positive. It complains that the
      Spring controller makes SnakeYAML insecure even though
      SnakeYAML does not use Spring controller and does not depend
      on Spring (but the tests do). Bump spring.version from
      3.2.17.RELEASE to 5.2.4.RELEASE
    + Migrated from hg to git
  * Changes of 1.26
    + Fix #377: Allow configuration for preventing billion laughs
      attack
    + Add: parse ENV variables similar to how it works for
      docker-compose
    + Fix #468: Allow non ASCII characters in the anchor names
    + Add: expose Event.ID in Event via a getter
    + Fix #454: Add example for integer without time pattern
- Removed patch:
  * 0003-fix-broken-test.patch
    + not needed since integrated upstream
- Modified patch:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
    * rediff to changed context

-------------------------------------------------------------------
Sun Nov 10 05:55:34 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream release 1.25
  * Changes of 1.25
    + Fix #441: Restore the way to get anchor for a Node
    + Fix #437: Introduce setting to keep !!str tag for String even
      when it contains non-printable chars
    + Update plugin versions
  * Changes of 1.24
    + BaseConstructor: Factored out postponed mapping logic so
      subclasses can effectively override constructMapping2ndStep()
      and delegate to the postponed mapping logic
    + Fix #431: Customize simple key length when dumping
    + Fix #430: Wrap runtime exceptions into YAMLException.
    + Fix: Null tag constructor not called when parsing top-level
      null value.
    + Fix #429: Provide "Automatic-Module-Name" entry in MANIFEST
    + Fix #426: Fix NPE when duplicate keys are not allowed and the
      key is null
    + Apply pull request #41: Support java.sql classes without the
      need to depend on java.sql module in java9+
    + Update: Java 7 is required.
    + Fix #423: Date Serialization Fails for TimeZones on Daylight
      Savings Time
  * Changes of 1.23
    + Update: run tests under Java 11. This is the last release to
      support Java 6. As of the next release Java 7 will be required.
    + Fix #412: Restore the Boolean constructors for Events and
      Nodes for binary compatibility of dependent projects
    + Fix #411: System Property "java.runtime.name" is not required
      to be defined
    + Fix #409: Dumping Enum breaks when Enum value is Anonymous
      inner class
  * Changes of 1.21
    + Update: Scanner.peekToken() and Scanner.getToken() throw
      exception instead of returning null
    + Update: Enhance output of token IDs
    + Update: Mark - expose buffer and pointer
    + Update: Improvements in the Bitbucket pipeline
    + Fix #397: Plain scalars with colons in flow sequences/mappings
      are valid YAML. This change follows what happens with PyYAML
      and libyaml (thanks to developers from the YAML community)
  * Changes of 1.20
    + Fix #393: Improve reflective access operation to avoid warning
      under Java 9
    + Hold #397: because of the inconsistent corner cases the ':' is
      not yet allowed in a flow context
    + Refactor nodes and events - use enum FlowStyle instead of
      Boolean (minor backwards-incompatible change)
    + Refactor ScalarToken, ScalarNode and ScalarEvent - use enum
      ScalarStyle instead of Character (minor backwards-incompatible
      change)
    + Refactor Mark - remove unused code (minor
      backwards-incompatible change)
    + Fix #395 and #394: Introduce DuplicateKeyException and report
      line number for duplicate keys when creating non-Javabeans
  * Changes of 1.19
    + Apply pull request #22: Only use FIELD access for Android in
      PropertyUtils
    + Apply pull request #27: Add getAnnotations() and
      getAnnotation() methods to Property.
    + Apply pull request #26 and fix #383: Some configuration
      properties of Representer were ignored.
    + Fix issue #386:Fix order of duplicate keys indices to prevent
      wrong removals.
    + Update: major improvement when parsing JavaBeans.
    + Fix issue #382 and #322: MethodProperty should check for
      generic type in getters and setters.
    + Fix issue #377: Add test for billion laughs attack.
    + Fix issue #368: Relax final restriction on TypeDescription.
    + Fix issue #375: Empty YAML file must return null instead of
      throwing an exception when loading a JavaBean.
    + Fix issue #374: Localization settings (e.g. fr_CA) convert
      Number type floats to ints.
    + Apply pull request #20: Provide access to node's anchor
    + Fix issue #370: Remove redundant
      "Bundle-RequiredExecutionEnvironment: J2SE-1.5"
    + Fix issue #364: Serializing Calendar objects with certain
      timezone offsets renders invalid YAML
  * Changes of 1.18
    + Add: create Android artifact with android classifier
    + Fix issue #358: Validate DumperOptions to prevent invalid YAML
      to be dumped.
    + Fix issue #355: Fix for emitter to split long plain string
      scalars over multiple lines.
    + Apply pull request #13: Let Mark implement Serializable so
      that ParserException can be serialized
    + Fix issue #337: Throw exception in case of duplicate keys when
      LoaderOptions.allowDuplicateKeys is false.
    + Fix issue #351: Keep same nodes order on merge (preprocess
      keys for MappingNode and remove duplicates keeping the last
      one).
    + Fix issue #349: Ignore white spaces for base64 encoded scalar
    + Fix issue #348: Not removing parent object when composed
      object is an anchor
    + Fix issue #323: Support "Miscellaneous Symbols and
      Pictographs". This fix introduces minor backwards-incompatible
      changes - some of the methods have been renamed. This fixes
      also long standing issue with iOS emoji
    + Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters
      if it contains 'null' as a key
    + Update plugin versions
- Removed patch:
  * 0001-Replace-bundled-base64-implementation.patch
    + replaced by other implementation
- Modified patch:
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + Rediff to changed context
- Added patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
    + Replace with internal jdk8+ implementation
  * 0003-fix-broken-test.patch
    + fix a broken test

-------------------------------------------------------------------
Fri Mar  1 06:32:02 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Packaging of snakeyaml 1.17 based on Fedora package
- Generated and customized ant build file
- Removed patch:
  * snakeyaml-1.10-jdk9.patch
    + not needed any more

-------------------------------------------------------------------
Thu Nov 02 13:12:11 UTC 2017 - jgonzalez@suse.com

- Fix build with java9
- Add:
  * snakeyaml-1.10-jdk9.patch

-------------------------------------------------------------------
Tue Jul  1 13:06:37 UTC 2014 - mseidl@suse.de

- modified for sle12

-------------------------------------------------------------------
Fri Nov 18 01:48:56 CET 2011 - ro@suse.de

- explicitly add java-devel to buildrequires

-------------------------------------------------------------------
Fri Aug 26 14:55:26 UTC 2011 - bmaryniuk@suse.com

- Removed bootstrap binaries.

-------------------------------------------------------------------
Fri Aug 26 14:32:27 UTC 2011 - bmaryniuk@suse.com

- Initial build with a bootstrap binaries.

openSUSE Build Service is sponsored by