fix(sec): upgrade org.yaml:snakeyaml to 2.0

[charley-zhang]

What happened？

There are 1 security vulnerabilities found in org.yaml:snakeyaml 1.33

• CVE-2022-1471

What did I do？

Upgrade org.yaml:snakeyaml from 1.33 to 2.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[codecov-commenter]

Codecov Report

Merging #12399 (1ef8fa4) into 3.2 (da70e90) will decrease coverage by 0.34%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                3.2   #12399      +/-   ##
============================================
- Coverage     69.66%   69.32%   -0.34%     
+ Complexity      341        2     -339     
============================================
  Files          3435     1607    -1828     
  Lines        161903    66326   -95577     
  Branches      27185     9735   -17450     
============================================
- Hits         112790    45982   -66808     
+ Misses        39200    15873   -23327     
+ Partials       9913     4471    -5442     

see 1844 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[slankka]

It is a breaking changes for snakeyaml:1.33 to snakeyaml:2.0

snakeyaml 2.0 removes many deprecated constructors

It will cause many frameworks rely on it NoSuchMethodError:

java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method 'void <init>()' not found

https://bitbucket.org/snakeyaml/snakeyaml/issues/1072/error-after-upgrading-snake-yaml-from-133

and Spring-boot 2.x
spring-projects/spring-boot#34405