Upgrade to snakeyaml 2.0 to fix CVE

[olwulff]

This library must be upgraded to snakeyaml 2.0 to fix the below CVE:
https://nvd.nist.gov/vuln/detail/CVE-2022-1471

[yawkat]

Please see this issue: #382 – users of jackson are not affected by the CVE.

Nonetheless, we will update to 2.0 in 2.15.0: #390

[cowtowncoder]

@olwulff Please note that although we cannot (for backwards-compatibility concerns) update this for older versions, it is likely that local override of dependencies allows developers to upgrade SnakeYAML dependency too.

... despite it not being needed at all. As per @yawkat Jackson YAML module is not affected by these Vulns/CVEs at all. Yet another case of Silly Security Theater.