Revert "Update snakeyaml: 1.33 -> 2.0"

ctrueden · ctrueden · commit 1de596513b2b · 2023-03-20T15:42:00.000-05:00
This reverts commit a11e7d7. The snakeyaml 1.33 release is new enough to avoid CVE-2022-25857 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857), which affects snakeyaml [0, 1.31). We'll stick with 1.33 for now, because 2.0 breaks API compatibility in ways that break the ui-behaviour and bigdataviewer-core projects.
diff --git a/pom.xml b/pom.xml
@@ -2223,7 +2223,7 @@
 		<org.slf4j.jcl-over-slf4j.version>${jcl-over-slf4j.version}</org.slf4j.jcl-over-slf4j.version>
 
 		<!-- SnakeYAML - https://bitbucket.org/asomov/snakeyaml -->
-		<snakeyaml.version>2.0</snakeyaml.version>
+		<snakeyaml.version>1.33</snakeyaml.version>
 		<org.yaml.snakeyaml.version>${snakeyaml.version}</org.yaml.snakeyaml.version>
 
 		<!-- SnakeYAML Engine - https://bitbucket.org/asomov/snakeyaml-engine -->
