kangarko / Foundation

Foundation™ helps you create highly customized Minecraft plugins (based on Spigot/Paper API) that support multiple MC versions.
https://mineacademy.org

Request to Update snakeyaml Dependency to Address Security Vulnerabilities #258

Closed xhdtn8070 closed 8 months ago

xhdtn8070 commented 8 months ago

Hello! Matej!

I am writing to bring to your attention a security concern related to the snakeyaml dependency used in the [Your Library's Name] project. Recently, I encountered a warning about vulnerable dependencies when using your library, specifically pointing to org.yaml:snakeyaml:1.33. This version of snakeyaml has been identified with critical security vulnerabilities, including CVE-2022-41854 and CVE-2022-1471, which pose significant risks.

Fortunately, a new version of snakeyaml (version 2.2) has been released that addresses these security issues. Considering the potential impact of these vulnerabilities, I kindly request that you consider updating the snakeyaml dependency in your project to this latest version.

This update would greatly enhance the security for all users of your library and help maintain the trust and reliability of the project.

Thank you for your attention to this matter and for your continued efforts in maintaining this valuable resource. I appreciate your prompt action in resolving this security concern.

Best regards, Tony https://mvnrepository.com/artifact/org.yaml/snakeyaml
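As an added example (not Foundation's code and not part of the issue), the snippet below shows how a plugin that reads its own configuration can load YAML through SnakeYAML's `SafeConstructor`, so that only standard YAML types (mappings, sequences, scalars) are ever constructed and a `!!`-tagged class name is refused, whichever of the two snakeyaml versions the server happens to ship. The class name and the sample document are hypothetical; the API calls assume the `LoaderOptions`-taking constructors that exist in both the 1.3x line and 2.x (the no-argument constructors were removed in 2.0).

```java
// Added example, not Foundation's code: load plugin YAML with SafeConstructor so
// that only plain YAML types can be built, regardless of the snakeyaml version.
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;

import java.util.Map;

public class SafeYamlConfig {

    // SafeConstructor(LoaderOptions) exists in both 1.3x and 2.x (assumption
    // stated in the lead-in), so this compiles against either version.
    private static Yaml safeYaml() {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);    // reject ambiguous documents
        options.setMaxAliasesForCollections(50); // bound alias expansion
        options.setNestingDepthLimit(50);        // bound parser recursion depth
        options.setCodePointLimit(1024 * 1024);  // cap input at 1 MiB of text
        return new Yaml(new SafeConstructor(options));
    }

    /** Loads a YAML document into plain Java collections; class-name tags are rejected. */
    @SuppressWarnings("unchecked")
    public static Map<String, Object> load(String document) {
        Object root = safeYaml().load(document);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("Expected a YAML mapping at the top level");
        }
        return (Map<String, Object>) root;
    }

    public static void main(String[] args) {
        // Constructed sample config, not a real Foundation file.
        String config = "plugin:\n  name: Example\n  debug: false\n  ports: [25565, 25566]\n";
        Map<String, Object> cfg = load(config);
        System.out.println(cfg);

        // A global tag naming an arbitrary (hypothetical) class is something the
        // unrestricted Constructor would try to instantiate; SafeConstructor has no
        // construct for unknown tags and throws instead.
        try {
            load("!!com.example.SomeClass {}");
        } catch (RuntimeException e) {
            System.out.println("Rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Pinning the dependency to 2.2 removes the vulnerable code from the classpath; routing all parsing through `SafeConstructor` with bounded `LoaderOptions` is the complementary change that keeps untrusted YAML from reaching the unrestricted `Constructor` even while an older version remains in use.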

kangarko commented 8 months ago

Two things:

  1. a (from the authors of snakeyaml)

  2. We can't not use that snakeyaml version on legacy MC versions, modern MC versions use the latest one. We only import it as dependency because of one class constructor but use no code from it.