diff --git a/build.gradle b/build.gradle
index 09f66300305..3d5ac762bb1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -19,7 +19,7 @@
 
 buildscript {
     ext {
-        snakeYamlVersion = '1.33'
+        snakeYamlVersion = '2.0'
         shadowGradlePluginVersion = '7.0.0'
     }
 
diff --git a/logstash-core/benchmarks/build.gradle b/logstash-core/benchmarks/build.gradle
index 7c0dcbc11e3..a1b1012e650 100644
--- a/logstash-core/benchmarks/build.gradle
+++ b/logstash-core/benchmarks/build.gradle
@@ -58,7 +58,7 @@ dependencies {
   implementation "org.openjdk.jmh:jmh-core:$jmh"
   annotationProcessor "org.openjdk.jmh:jmh-generator-annprocess:$jmh"
   implementation 'com.google.guava:guava:24.1.1-jre'
-  implementation 'commons-io:commons-io:2.5'
+  implementation 'commons-io:commons-io:2.13.0'
   runtimeOnly 'joda-time:joda-time:2.8.2'
   api "org.jruby:jruby-core:$jrubyVersion"
 }
diff --git a/logstash-core/build.gradle b/logstash-core/build.gradle
index c8fc3847970..586f1ca3d4d 100644
--- a/logstash-core/build.gradle
+++ b/logstash-core/build.gradle
@@ -181,8 +181,6 @@ dependencies {
     implementation 'org.codehaus.janino:janino:3.1.0'
     implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:${jacksonVersion}"
     implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${jacksonVersion}"
-    // pin version of jackson-dataformat-yaml's transitive dependency "snakeyaml"
-    implementation "org.yaml:snakeyaml:1.33"
     implementation group: 'com.google.guava', name: 'guava', version: '31.1-jre'
     implementation('com.google.googlejavaformat:google-java-format:1.15.0') {
         exclude group: 'com.google.guava', module: 'guava'
diff --git a/tools/benchmark-cli/build.gradle b/tools/benchmark-cli/build.gradle
index 166afcd2b79..91313c2c7e3 100644
--- a/tools/benchmark-cli/build.gradle
+++ b/tools/benchmark-cli/build.gradle
@@ -50,11 +50,11 @@ ext {
 dependencies {
   implementation 'net.sf.jopt-simple:jopt-simple:5.0.3'
   implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.12'
-  implementation group: 'org.apache.commons', name: 'commons-compress', version: '1.20'
+  implementation group: 'org.apache.commons', name: 'commons-compress', version: '1.23.0'
   implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
   implementation group: 'commons-codec', name: 'commons-codec', version: '1.14'
 
-  implementation group: 'commons-io', name: 'commons-io', version: '2.7'
+  implementation group: 'commons-io', name: 'commons-io', version: '2.13.0'
   implementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
   api "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
   implementation group: 'org.elasticsearch.client', name: 'elasticsearch-rest-client', version: elasticsearch
diff --git a/tools/dependencies-report/build.gradle b/tools/dependencies-report/build.gradle
index d7f6219a2b6..67995b5c1a7 100644
--- a/tools/dependencies-report/build.gradle
+++ b/tools/dependencies-report/build.gradle
@@ -42,7 +42,7 @@ buildscript {
 }
 
 dependencies {
-  implementation 'commons-io:commons-io:2.6'
+  implementation 'commons-io:commons-io:2.13.0'
   implementation 'org.apache.commons:commons-csv:1.5'
   implementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
   implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
diff --git a/tools/ingest-converter/build.gradle b/tools/ingest-converter/build.gradle
index 9ed1c05ac36..928413700bb 100644
--- a/tools/ingest-converter/build.gradle
+++ b/tools/ingest-converter/build.gradle
@@ -45,7 +45,7 @@ dependencies {
   implementation 'net.sf.jopt-simple:jopt-simple:4.6'
   implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
   testImplementation "junit:junit:4.12"
-  testImplementation 'commons-io:commons-io:2.5'
+  testImplementation 'commons-io:commons-io:2.13.0'
 }
 
 javadoc {
diff --git a/versions.yml b/versions.yml
index bb881aea5cd..0b9aae85177 100644
--- a/versions.yml
+++ b/versions.yml
@@ -24,6 +24,6 @@ jruby:
 # Note: this file is copied to the root of logstash-core because its gemspec needs it when
 #       bundler evaluates the gemspec via bin/logstash
 # Ensure Jackson version here is kept in sync with version used by jrjackson gem
-jrjackson: 0.4.17
-jackson: 2.14.1
-jackson-databind: 2.14.1
+jrjackson: 0.4.18
+jackson: 2.15.2
+jackson-databind: 2.15.2