From 97825a1b5f3d7a36836c0b3a2e5a02238fa85a36 Mon Sep 17 00:00:00 2001 From: Ling Hengqian Date: Thu, 19 Oct 2023 22:32:49 +0800 Subject: [PATCH] Updates ElasticJob to 3.0.4 to block CVEs for SnakeYAML delivery (#28805) --- .../agent/core/yaml/AgentYamlConstructor.java | 5 +- .../agent/core/yaml/AgentYamlEngine.java | 11 ++++- .../src/main/release-docs/LICENSE | 2 +- .../proxy/src/main/release-docs/LICENSE | 2 +- .../jdbc-driver/spring-boot/_index.cn.md | 45 ++++++----------- .../jdbc-driver/spring-boot/_index.en.md | 48 +++++++------------ .../infra/util/yaml/YamlEngine.java | 4 +- .../ShardingSphereYamlRepresenter.java | 3 +- .../infra/util/yaml/YamlEngineTest.java | 4 +- .../ShardingSphereYamlConstructorTest.java | 4 +- .../ShardingSphereYamlRepresenterTest.java | 4 +- pom.xml | 4 +- 12 files changed, 58 insertions(+), 78 deletions(-) diff --git a/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlConstructor.java b/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlConstructor.java index dec92288623d8..002f57d43a6a5 100644 --- a/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlConstructor.java +++ b/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlConstructor.java @@ -18,6 +18,7 @@ package org.apache.shardingsphere.agent.core.yaml; import org.apache.shardingsphere.agent.core.util.AgentPreconditions; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.constructor.Constructor; /** @@ -27,8 +28,8 @@ public final class AgentYamlConstructor extends Constructor { private final Class rootClass; - public AgentYamlConstructor(final Class rootClass) { - super(rootClass); + public AgentYamlConstructor(final Class rootClass, final LoaderOptions loadingConfig) { + super(rootClass, loadingConfig); this.rootClass = rootClass; } 
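Review bot: The new `loadingConfig` parameter on `AgentYamlConstructor` is undocumented, and its Javadoc block above the class appears to be cut in this view, so a reader cannot tell what the agent expects callers to configure on it. Add `@param loadingConfig SnakeYAML loader options forwarded to the underlying Constructor; callers decide the size/nesting limits` above the constructor, together with the existing `@param rootClass`. The class body continues past the end of this hunk.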
diff --git a/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlEngine.java b/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlEngine.java index c5187528e0678..7289e0f5bc3b0 100644 --- a/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlEngine.java +++ b/agent/core/src/main/java/org/apache/shardingsphere/agent/core/yaml/AgentYamlEngine.java @@ -21,6 +21,7 @@ import lombok.NoArgsConstructor; import org.apache.shardingsphere.agent.core.advisor.config.yaml.entity.YamlAdvisorsConfiguration; import org.apache.shardingsphere.agent.core.plugin.config.yaml.entity.YamlAgentConfiguration; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import java.io.InputStream; @@ -38,7 +39,7 @@ public final class AgentYamlEngine { * @return YAML agent configuration */ public static YamlAgentConfiguration unmarshalYamlAgentConfiguration(final InputStream inputStream) { - return new Yaml(new AgentYamlConstructor(YamlAgentConfiguration.class)).loadAs(inputStream, YamlAgentConfiguration.class); + return new Yaml(new AgentYamlConstructor(YamlAgentConfiguration.class, createLoaderOptions())).loadAs(inputStream, YamlAgentConfiguration.class); } /** @@ -48,6 +49,12 @@ public static YamlAgentConfiguration unmarshalYamlAgentConfiguration(final Input * @return YAML advisors configuration */ public static YamlAdvisorsConfiguration unmarshalYamlAdvisorsConfiguration(final InputStream inputStream) { - return new Yaml(new AgentYamlConstructor(YamlAdvisorsConfiguration.class)).loadAs(inputStream, YamlAdvisorsConfiguration.class); + return new Yaml(new AgentYamlConstructor(YamlAdvisorsConfiguration.class, createLoaderOptions())).loadAs(inputStream, YamlAdvisorsConfiguration.class); + } + + private static LoaderOptions createLoaderOptions() { + LoaderOptions result = new LoaderOptions(); + result.setCodePointLimit(Integer.MAX_VALUE); + return result; } } 
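Review bot: `createLoaderOptions()` sets `setCodePointLimit(Integer.MAX_VALUE)`, which removes the input-size ceiling SnakeYAML 2.x applies by default (3 MiB) as a resource-exhaustion guard, so any oversized document reaching `unmarshalYamlAgentConfiguration` or `unmarshalYamlAdvisorsConfiguration` is read in full. If these streams only ever come from the agent's own configuration files on disk, which this hunk does not show, that is probably acceptable, but the reasoning should sit next to the call, e.g. `// Agent/advisor YAML is operator-supplied and may exceed SnakeYAML 2.x's default 3 MiB code point limit; no untrusted input reaches this loader.`. Otherwise prefer a bounded value (a few tens of MiB) over `Integer.MAX_VALUE`, since the upgrade's whole purpose is to pick up SnakeYAML's hardening.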
diff --git a/distribution/proxy-native/src/main/release-docs/LICENSE b/distribution/proxy-native/src/main/release-docs/LICENSE index 31210b5b709ba..65f539e1ec826 100644 --- a/distribution/proxy-native/src/main/release-docs/LICENSE +++ b/distribution/proxy-native/src/main/release-docs/LICENSE @@ -298,7 +298,7 @@ The text of each license is the standard Apache 2.0 license. proj4j 1.2.2: https://github.com/locationtech/proj4j, Apache 2.0 quartz 2.3.2: https://github.com/quartz-scheduler/quartz, Apache 2.0 sketches-core 0.9.0, Apache 2.0 - snakeyaml 1.33: https://bitbucket.org/snakeyaml/snakeyaml, Apache 2.0 + snakeyaml 2.2: https://bitbucket.org/snakeyaml/snakeyaml, Apache 2.0 transmittable-thread-local 2.14.2: https://github.com/alibaba/transmittable-thread-local, Apache 2.0 uzaygezen-core 0.2: https://code.google.com/p/uzaygezen, Apache 2.0 zookeeper 3.9.0: https://github.com/apache/zookeeper, Apache 2.0 diff --git a/distribution/proxy/src/main/release-docs/LICENSE b/distribution/proxy/src/main/release-docs/LICENSE index 31210b5b709ba..65f539e1ec826 100644 --- a/distribution/proxy/src/main/release-docs/LICENSE +++ b/distribution/proxy/src/main/release-docs/LICENSE @@ -298,7 +298,7 @@ The text of each license is the standard Apache 2.0 license. proj4j 1.2.2: https://github.com/locationtech/proj4j, Apache 2.0 quartz 2.3.2: https://github.com/quartz-scheduler/quartz, Apache 2.0 sketches-core 0.9.0, Apache 2.0 - snakeyaml 1.33: https://bitbucket.org/snakeyaml/snakeyaml, Apache 2.0 + snakeyaml 2.2: https://bitbucket.org/snakeyaml/snakeyaml, Apache 2.0 transmittable-thread-local 2.14.2: https://github.com/alibaba/transmittable-thread-local, Apache 2.0 uzaygezen-core 0.2: https://code.google.com/p/uzaygezen, Apache 2.0 zookeeper 3.9.0: https://github.com/apache/zookeeper, Apache 2.0 
diff --git a/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.cn.md b/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.cn.md index d88b9e8fc9af9..db1d1a88bbaae 100644 --- a/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.cn.md +++ b/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.cn.md @@ -40,7 +40,7 @@ spring.datasource.url=jdbc:shardingsphere:classpath:xxx.yaml Spring Boot OSS 3 对 Jakarta EE 和 Java 17 进行了 “大爆炸” 升级,涉及大量复杂情况。 对于正在使用 Java EE 8 API 及其实现的 ShardingSphere JDBC 而言,如果用户希望在 Spring Boot OSS 3 等基于 Jakarta EE 9+ API 的 Web -Framework 上使用 ShardingSphere JDBC,则需要引入 Java EE 8 的 JAXB 的实现,并指定一个特定的 SnakeYAML 版本。 +Framework 上使用 ShardingSphere JDBC,则需要引入 Java EE 8 的 JAXB 的实现。 这在 Maven 的 `pom.xml` 体现为如下内容。你也可以使用其他的 JAXB API 的实现。此配置同样适用于其他基于 Jakarta EE 的 Web Framework,如 Quarkus 3,Micronaut Framework 4 和 Helidon 3。 @@ -53,11 +53,6 @@ Quarkus 3,Micronaut Framework 4 和 Helidon 3。 shardingsphere-jdbc-core ${shardingsphere.version} - - org.yaml - snakeyaml - 1.33 - org.glassfish.jaxb jaxb-runtime @@ -67,15 +62,15 @@ Quarkus 3,Micronaut Framework 4 和 Helidon 3。 ``` -如果用户是通过 https://start.spring.io/ 创建了 Spring Boot 项目,或者在 `dependencyManagement` 的 XML 标签导入了 -`org.springframework.boot:spring-boot-dependencies` 的 POM 文件,则可通过如下内容来简化配置。 +此外,ShardingSphere 的 XA 分布式事务尚未在 Spring Boot OSS 3 上就绪。 + +## 针对低版本的 Spring Boot OSS 2 的特殊处理 + +ShardingSphere 的所有特性均可在 Spring Boot OSS 2 上使用,但低版本的 Spring Boot OSS 可能需要手动指定 SnakeYAML 的版本为 2.2 。 +这在 Maven 的 `pom.xml` 体现为如下内容。 ```xml - - 1.33 - - org.apache.shardingsphere 
@@ -83,38 +78,28 @@ Quarkus 3,Micronaut Framework 4 和 Helidon 3。 ${shardingsphere.version} - org.glassfish.jaxb - jaxb-runtime - 2.3.8 + org.yaml + snakeyaml + 2.2 ``` -此外,ShardingSphere 的 XA 分布式事务尚未在 Spring Boot OSS 3 上就绪。 - -## 针对低版本的 Spring Boot OSS 2 的特殊处理 - -ShardingSphere 的所有特性均可在 Spring Boot OSS 2 上使用,但低版本的 Spring Boot OSS 可能需要手动指定 SnakeYAML 的版本为 1.33 。 -这在 Maven 的 `pom.xml` 体现为如下内容。 +如果用户是通过 https://start.spring.io/ 创建了 Spring Boot 项目,则可通过如下内容来简化配置。 ```xml + + 2.2 + + org.apache.shardingsphere shardingsphere-jdbc-core ${shardingsphere.version} - - org.yaml - snakeyaml - 1.33 - ``` - -如果用户是通过 https://start.spring.io/ 创建了 Spring Boot 项目,或者在 `dependencyManagement` 的 XML 标签导入了 -`org.springframework.boot:spring-boot-dependencies`的 POM 文件,同样可以选择通过配置 `snakeyaml.version` 的 `properties` -来简化内容。 diff --git a/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.en.md b/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.en.md index 1e57790429afe..cadc2364bc9d1 100644 --- a/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.en.md +++ b/docs/document/content/user-manual/shardingsphere-jdbc/yaml-config/jdbc-driver/spring-boot/_index.en.md @@ -41,7 +41,7 @@ Spring Boot OSS 3 has made a "big bang" upgrade to Jakarta EE and Java 17, with For ShardingSphere JDBC that is using the Java EE 8 API and its implementation, if you want to use ShardingSphere JDBC on a Jakarta EE 9+ API-based web framework such as Spring Boot OSS 3, you need to introduce a JAXB implementation of -Java EE 8 and specify a specific version of SnakeYAML. +Java EE 8. This is reflected in Maven's `pom.xml` as follows. You can also use other JAXB API implementations. This configuration also applies to other Jakarta EE-based Web Frameworks, such as Quarkus 3, Micronaut Framework 4 and Helidon 3. 
@@ -54,11 +54,6 @@ also applies to other Jakarta EE-based Web Frameworks, such as Quarkus 3, Micron shardingsphere-jdbc-core ${shardingsphere.version} - - org.yaml - snakeyaml - 1.33 - org.glassfish.jaxb jaxb-runtime @@ -68,16 +63,16 @@ also applies to other Jakarta EE-based Web Frameworks, such as Quarkus 3, Micron ``` -If the user created the Spring Boot project from https://start.spring.io/, or the `dependencyManagement` XML tag was -imported POM file for `org.springframework.boot:spring-boot-dependencies`, users can simplify configuration by -following things. +In addition, ShardingSphere's XA distributed transactions are not yet ready on Spring Boot OSS 3. + +## Special handling for earlier versions of Spring Boot OSS 2 + +All features of ShardingSphere are available on Spring Boot OSS 2, but earlier versions of Spring Boot OSS may require +manually specifying version 2.2 for SnakeYAML. +This is reflected in Maven's `pom.xml` as follows. ```xml - - 1.33 - - org.apache.shardingsphere 
@@ -85,38 +80,29 @@ following things. ${shardingsphere.version} - org.glassfish.jaxb - jaxb-runtime - 2.3.8 + org.yaml + snakeyaml + 2.2 ``` -In addition, ShardingSphere's XA distributed transactions are not yet ready on Spring Boot OSS 3. - -## Special handling for earlier versions of Spring Boot OSS 2 - -All features of ShardingSphere are available on Spring Boot OSS 2, but earlier versions of Spring Boot OSS may require -manually specifying version 1.33 for SnakeYAML. -This is reflected in Maven's `pom.xml` as follows. +If the user created the Spring Boot project from https://start.spring.io/, users can simplify configuration by +following things. ```xml + + 2.2 + + org.apache.shardingsphere shardingsphere-jdbc-core ${shardingsphere.version} - - org.yaml - snakeyaml - 1.33 - ``` -If the user created the Spring Boot project from https://start.spring.io/, or the `dependencyManagement` XML tag was -imported POM file for `org.springframework.boot:spring-boot-dependencies`, users can also choose to simplify the content -by configuring `properties` for `snakeyaml.version`. diff --git a/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/YamlEngine.java b/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/YamlEngine.java index 6ac4eb247c40d..6d43eee4e0704 100644 --- a/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/YamlEngine.java +++ b/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/YamlEngine.java 
@@ -107,8 +107,8 @@ public static String marshal(final Object value) { DumperOptions dumperOptions = new DumperOptions(); dumperOptions.setLineBreak(DumperOptions.LineBreak.getPlatformLineBreak()); if (value instanceof Collection) { - return new Yaml(new ShardingSphereYamlRepresenter(), dumperOptions).dumpAs(value, null, DumperOptions.FlowStyle.BLOCK); + return new Yaml(new ShardingSphereYamlRepresenter(dumperOptions)).dumpAs(value, null, DumperOptions.FlowStyle.BLOCK); } - return new Yaml(new ShardingSphereYamlRepresenter(), dumperOptions).dumpAsMap(value); + return new Yaml(new ShardingSphereYamlRepresenter(dumperOptions)).dumpAsMap(value); } } diff --git a/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenter.java b/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenter.java index 32b2a9dc5a66a..61ac355c5de59 100644 --- a/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenter.java +++ b/infra/util/src/main/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenter.java @@ -39,7 +39,8 @@ */ public final class ShardingSphereYamlRepresenter extends Representer { - public ShardingSphereYamlRepresenter() { + public ShardingSphereYamlRepresenter(final DumperOptions dumperOptions) { + super(dumperOptions); Map> yamlShortcuts = new HashMap<>(); ShardingSphereServiceLoader.getServiceInstances(ShardingSphereYamlShortcuts.class).stream().map(ShardingSphereYamlShortcuts::getYamlShortcuts).forEach(yamlShortcuts::putAll); yamlShortcuts.forEach((key, value) -> addClassTag(value, new Tag(key))); diff --git a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/YamlEngineTest.java b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/YamlEngineTest.java index abc69d70efd41..f773d71967ce0 100644 
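Review bot: With `dumperOptions` now passed only to the representer, the `setLineBreak(getPlatformLineBreak())` call two lines above no longer reaches the emitter if `Yaml(Representer)` builds its own `DumperOptions` from the representer's flow/scalar style, as SnakeYAML 2.x's one-argument constructor does; output would then always use the library default line break rather than the platform one. Keep handing the options to `Yaml` as well: `return new Yaml(new ShardingSphereYamlRepresenter(dumperOptions), dumperOptions).dumpAs(value, null, DumperOptions.FlowStyle.BLOCK);` and `return new Yaml(new ShardingSphereYamlRepresenter(dumperOptions), dumperOptions).dumpAsMap(value);`. `marshal` starts outside the hunk.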
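Review bot: The new `ShardingSphereYamlRepresenter(DumperOptions)` constructor has no Javadoc for its parameter, so the contract of what the options influence is left to the reader. Add `@param dumperOptions dumper options passed through to SnakeYAML's Representer` above it; whether a `null` value is tolerated by the superclass is not visible here and should be stated once confirmed. The constructor body continues past the end of this hunk.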
--- a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/YamlEngineTest.java +++ b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/YamlEngineTest.java @@ -19,7 +19,7 @@ import org.apache.shardingsphere.infra.util.yaml.fixture.shortcuts.YamlShortcutsConfigurationFixture; import org.junit.jupiter.api.Test; -import org.yaml.snakeyaml.constructor.ConstructorException; +import org.yaml.snakeyaml.composer.ComposerException; import java.io.BufferedReader; import java.io.File; @@ -101,7 +101,7 @@ void assertUnmarshalInvalidYaml() throws IOException { yamlContent.append(line).append(System.lineSeparator()); } } - assertThrows(ConstructorException.class, () -> YamlEngine.unmarshal(yamlContent.toString(), Object.class)); + assertThrows(ComposerException.class, () -> YamlEngine.unmarshal(yamlContent.toString(), Object.class)); } @Test diff --git a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/constructor/ShardingSphereYamlConstructorTest.java b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/constructor/ShardingSphereYamlConstructorTest.java index 6a1ea12861852..982233f62be1f 100644 --- a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/constructor/ShardingSphereYamlConstructorTest.java +++ b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/constructor/ShardingSphereYamlConstructorTest.java @@ -20,7 +20,7 @@ import org.apache.shardingsphere.infra.util.yaml.fixture.pojo.YamlConfigurationFixture; import org.junit.jupiter.api.Test; import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.ConstructorException; +import org.yaml.snakeyaml.composer.ComposerException; import java.io.IOException; import java.io.InputStream; 
@@ -53,7 +53,7 @@ private void assertYamlObject(final YamlConfigurationFixture actual) { @Test void assertToObjectWithNotAcceptClass() throws IOException { try (InputStream inputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("yaml/accepted-class.yaml")) { - assertThrows(ConstructorException.class, () -> new Yaml(new ShardingSphereYamlConstructor(Object.class)).loadAs(inputStream, Object.class)); + assertThrows(ComposerException.class, () -> new Yaml(new ShardingSphereYamlConstructor(Object.class)).loadAs(inputStream, Object.class)); } } } diff --git a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenterTest.java b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenterTest.java index 2048854884d4f..b73bc065650f9 100644 --- a/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenterTest.java +++ b/infra/util/src/test/java/org/apache/shardingsphere/infra/util/yaml/representer/ShardingSphereYamlRepresenterTest.java @@ -37,7 +37,7 @@ class ShardingSphereYamlRepresenterTest { @Test void assertToYamlWithoutContent() { YamlConfigurationFixture actual = new YamlConfigurationFixture(); - assertThat(new Yaml(new ShardingSphereYamlRepresenter(), new DumperOptions()).dumpAsMap(actual), is("{}\n")); + assertThat(new Yaml(new ShardingSphereYamlRepresenter(new DumperOptions())).dumpAsMap(actual), is("{}\n")); } @Test 
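Review bot: `assertToObjectWithNotAcceptClass` now only pins `ComposerException`, which SnakeYAML 2.x also raises for unrelated structural problems (an undefined alias, for instance), so the test no longer demonstrates that `accepted-class.yaml` was rejected because of a non-accepted class. Capture the exception and check its message: `ComposerException ex = assertThrows(ComposerException.class, () -> new Yaml(new ShardingSphereYamlConstructor(Object.class)).loadAs(inputStream, Object.class));` followed by `assertThat(ex.getMessage(), containsString("Global tag is not allowed"));`, assuming the fixture (not visible here) uses a `!!` global tag, which is what SnakeYAML 2.x's composer reports with that wording. The same applies to `assertUnmarshalInvalidYaml` in `YamlEngineTest`.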
@@ -53,7 +53,7 @@ void assertToYamlWithAllContents() { actual.getEmbeddedMap().put("embedded_map_1", new LinkedHashMap<>()); actual.getEmbeddedMap().put("embedded_map_2", Collections.singletonMap("embedded_map_foo", "embedded_map_foo_value")); actual.setCustomizedTag("customized_tag"); - String expected = new Yaml(new ShardingSphereYamlRepresenter(), new DumperOptions()).dumpAsMap(actual); + String expected = new Yaml(new ShardingSphereYamlRepresenter(new DumperOptions())).dumpAsMap(actual); assertThat(expected, containsString("collection:\n- value1\n- value2\n")); assertThat(expected, containsString("map:\n key1: value1\n key2: value2\n")); assertThat(expected, not(containsString("embedded_map_1"))); diff --git a/pom.xml b/pom.xml index a653227e116f2..f6ea7c2d9fbd5 100644 --- a/pom.xml +++ b/pom.xml @@ -73,7 +73,7 @@ 4.10.1 1.14.8 - 1.33 + 2.2 2.10.1 2.14.0 2.8.0 @@ -97,7 +97,7 @@ 0.7.6 1.58.0 - 3.0.3 + 3.0.4 1.7.36 1.2.12