Update snakeyaml dependency to 2.0 to address vulnerability with 1.26 (#2947)

aimethed · web-flow · commit 0738fd1b280d · 2025-08-21T11:08:26.000-04:00
diff --git a/athena-elasticsearch/pom.xml b/athena-elasticsearch/pom.xml
@@ -80,6 +80,18 @@
             <groupId>org.elasticsearch.client</groupId>
             <artifactId>elasticsearch-rest-high-level-client</artifactId>
             <version>7.10.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>2.0</version>
+            <!-- Override to address CVE vulnerabilities in snakeyaml 1.26 from elasticsearch dependency -->
         </dependency>
         <!-- https://mvnrepository.com/artifact/software.amazon.awssdk/elasticsearch -->
         <dependency>
