Revert SnakeYAML changes (#13336)

Revert "Override Spring BOM for SnakeYAML to force version 2.2  (#13255)"
- This reverts commit 1373750.

Revert "Upgrade to SnakeYaml 2.2 and use SafeContructor to prevent accessing the classpath (#13207)"
- This reverts commit dd02741.
- This reverts commit 980d835.
- This reverts commit 64a2806.

build.gradle

@@ -111,12 +111,6 @@ ext {
             names  : ['grails-async', 'grails-events'],
             modules: ['gpars', 'rxjava', 'rxjava2']
         ],
-        snakeyaml: [
-            version: snakeyamlVersion,
-            group  : 'org.yaml',
-            names: ['snakeyaml'],
-            modules: ['']
-        ],
         spock: [
             version: spockVersion,
             group  : 'org.spockframework',

gradle.properties

@@ -20,7 +20,6 @@ jansiVersion=1.18
 jlineVersion=2.14.6
 jnaVersion=4.5.2
 slf4jVersion=1.7.30
-snakeyamlVersion=2.2
 directoryWatcherVersion=0.9.9
 junitVersion=4.13
 caffeineVersion=2.6.2

grails-bootstrap/build.gradle

@@ -3,7 +3,7 @@ import org.apache.tools.ant.filters.ReplaceTokens
 dependencies {
     compile ( "org.codehaus.groovy:groovy-xml:$groovyVersion" )
     compile ( "org.codehaus.groovy:groovy-templates:$groovyVersion" )
-    compile "org.yaml:snakeyaml:$snakeyamlVersion"
+    compile "org.yaml:snakeyaml:1.33"
 
     compileOnly("io.methvin:directory-watcher:0.16.1")
     compileOnly("org.fusesource.jansi:jansi:$jansiVersion")

grails-bootstrap/src/main/groovy/grails/util/Metadata.groovy

@@ -22,7 +22,6 @@ import org.grails.config.NavigableMap
 import org.grails.io.support.FileSystemResource
 import org.grails.io.support.Resource
 import org.grails.io.support.UrlResource
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -169,7 +168,7 @@ class Metadata extends NavigableMap implements ConfigMap  {
     }
 
     private Object loadYml(InputStream input) {
-        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()))
+        Yaml yaml = new Yaml(new SafeConstructor())
         def loadedYaml = yaml.loadAll(input)
         List result = []
         for(Object yamlObject : loadedYaml) {

grails-bootstrap/src/main/groovy/org/grails/config/CodeGenConfig.groovy

@@ -22,7 +22,6 @@ import groovy.transform.CompileDynamic
 import groovy.transform.CompileStatic
 import org.codehaus.groovy.runtime.DefaultGroovyMethods
 import org.codehaus.groovy.runtime.typehandling.GroovyCastException
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -154,7 +153,7 @@ class CodeGenConfig implements Cloneable, ConfigMap {
 
     @CompileDynamic // fails with CompileStatic!
     void loadYml(InputStream input) {
-        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()))
+        Yaml yaml = new Yaml(new SafeConstructor())
         for(Object yamlObject : yaml.loadAll(input)) {
             if(yamlObject instanceof Map) { // problem here with CompileStatic
                 mergeMap((Map)yamlObject)

grails-docs/build.gradle

@@ -9,7 +9,7 @@ dependencies {
             "org.slf4j:jcl-over-slf4j:$slf4jVersion",
             "org.apache.ant:ant:$antVersion",
             'org.grails:grails-gdoc-engine:1.0.1',
-            "org.yaml:snakeyaml:$snakeyamlVersion",
+            'org.yaml:snakeyaml:1.33',
             "org.codehaus.groovy:groovy-ant:$groovyVersion"
 
     compile 'org.asciidoctor:asciidoctorj:2.5.6'

grails-docs/src/main/groovy/grails/doc/DocPublisher.groovy

@@ -24,7 +24,6 @@ import org.apache.commons.logging.LogFactory
 import org.radeox.api.engine.WikiRenderEngine
 import org.radeox.engine.context.BaseInitialRenderContext
 import org.radeox.engine.context.BaseRenderContext
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -266,7 +265,7 @@ class DocPublisher {
         def legacyLinks = [:]
         if (legacyLinksFile.exists()) {
             legacyLinksFile.withInputStream { input ->
-                legacyLinks = new Yaml(new SafeConstructor(new LoaderOptions())).load(input)
+                legacyLinks = new Yaml(new SafeConstructor()).load(input)
             }
         }
 
@@ -538,7 +537,7 @@ class DocPublisher {
             }
             else if(propertiesFile.name.endsWith('.yml')) {
                 propertiesFile.withInputStream { input ->
-                    def ymls = new Yaml(new SafeConstructor(new LoaderOptions())).loadAll(input)
+                    def ymls = new Yaml(new SafeConstructor()).loadAll(input)
                     for(yml in ymls) {
                         if(yml instanceof Map) {
                             def config = yml.grails?.doc

grails-docs/src/main/groovy/grails/doc/internal/YamlTocStrategy.groovy

@@ -1,14 +1,13 @@
 package grails.doc.internal
 
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
 /**
  * Class representing a Grails user guide table of contents defined in YAML.
  */
 class YamlTocStrategy {
-    private final parser = new Yaml(new SafeConstructor(new LoaderOptions()))
+    private final parser = new Yaml(new SafeConstructor())
     private resourceChecker
     private String ext = ".gdoc"
 

grails-shell/src/main/groovy/org/grails/cli/gradle/cache/MapReadingCachedGradleOperation.groovy

@@ -20,7 +20,6 @@ import groovy.transform.CompileStatic
 import groovy.transform.InheritConstructors
 import org.gradle.tooling.ProjectConnection
 import org.yaml.snakeyaml.DumperOptions
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 import org.yaml.snakeyaml.representer.Representer
@@ -38,7 +37,7 @@ abstract class MapReadingCachedGradleOperation <V> extends CachedGradleOperation
     @Override
     Map<String, V> readFromCached(File f) {
         def map = (Map<String, Object>) f.withReader { BufferedReader r ->
-            new Yaml(new SafeConstructor(new LoaderOptions())).load(r)
+            new Yaml(new SafeConstructor()).load(r)
         }
         Map<String, V> newMap = [:]
 
@@ -62,7 +61,7 @@ abstract class MapReadingCachedGradleOperation <V> extends CachedGradleOperation
                 return [(key):val.toString()]
             }
         }
-        new Yaml(new SafeConstructor(new LoaderOptions()), new Representer(options), options).dump(toWrite, writer)
+        new Yaml(new SafeConstructor(), new Representer(), options).dump(toWrite, writer)
     }
 
 }

grails-shell/src/main/groovy/org/grails/cli/profile/AbstractProfile.groovy

@@ -33,7 +33,6 @@ import org.grails.cli.profile.commands.DefaultMultiStepCommand
 import org.grails.cli.profile.commands.script.GroovyScriptCommand
 import org.grails.config.NavigableMap
 import org.grails.io.support.Resource
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -109,7 +108,7 @@ abstract class AbstractProfile implements Profile {
 
     protected void initialize() {
         def profileYml = profileDir.createRelative("profile.yml")
-        Map<String, Object> profileConfig = new Yaml(new SafeConstructor(new LoaderOptions())).<Map<String, Object>> load(profileYml.getInputStream())
+        Map<String, Object> profileConfig = new Yaml(new SafeConstructor()).<Map<String, Object>> load(profileYml.getInputStream())
 
         name = profileConfig.get("name")?.toString()
         description = profileConfig.get("description")?.toString() ?: ''
@@ -139,7 +138,7 @@ abstract class AbstractProfile implements Profile {
                 else if(fileName.endsWith('.yml')) {
                     def yamlCommand = profileDir.createRelative("commands/$fileName")
                     if(yamlCommand.exists()) {
-                        Map<String, Object> data = new Yaml(new SafeConstructor(new LoaderOptions())).<Map>load(yamlCommand.getInputStream())
+                        Map<String, Object> data = new Yaml(new SafeConstructor()).<Map>load(yamlCommand.getInputStream())
                         Command cmd = new DefaultMultiStepCommand(clsName.toString(), this, data)
                         Object minArguments = data?.minArguments
                         cmd.minArguments = minArguments instanceof Integer ? (Integer)minArguments : 1

grails-shell/src/main/groovy/org/grails/cli/profile/DefaultFeature.groovy

@@ -23,7 +23,6 @@ import org.eclipse.aether.artifact.DefaultArtifact
 import org.eclipse.aether.graph.Dependency
 import org.grails.config.NavigableMap
 import org.grails.io.support.Resource
-import org.yaml.snakeyaml.LoaderOptions
 import org.yaml.snakeyaml.Yaml
 import org.yaml.snakeyaml.constructor.SafeConstructor
 
@@ -50,7 +49,7 @@ class DefaultFeature implements Feature {
         this.name = name
         this.location = location
         def featureYml = location.createRelative("feature.yml")
-        Map<String, Object> featureConfig = new Yaml(new SafeConstructor(new LoaderOptions())).<Map<String, Object>>load(featureYml.getInputStream())
+        Map<String, Object> featureConfig = new Yaml(new SafeConstructor()).<Map<String, Object>>load(featureYml.getInputStream())
         configuration.merge(featureConfig)
         def dependencyMap = configuration.get("dependencies")