jackson-dataformat-yaml dependency on snakyaml with vulnerability CVE-2022-1471 │

[ns-jhu]

jackson-dataformat-yaml depends on snakeyaml-1.33.jar, which has vulnerability CVE-2022-1471
GHSA-mjmj-j48q-9wg2.

vulnerability CVE-2022-1471 is only fixed in snakeyaml version 2.0 or higher. we need to update jackson-dataformat-yaml
remove the dependency on snakeyaml 1.x version

[cowtowncoder]

As per #390 Jackson 2.15 will use SnakeYAML 2.0

Until then just use jackson-dataformat-yaml version 2.14.2 and override snakeyaml dependency; 2.14.2 has changes necessary to allow this to work.

Next time you may also try to search issues for this project to find issues like #390 that have been resolved.