Update snakeyaml to 2.0

* Resolves CVE-2022-1471

Fixes #23201

gradle/verification-metadata.xml

@@ -74,6 +74,7 @@
          <trusted-key id="08f0aab4d0c1a4bdde340765b341ddb020fcb6ab" group="org.bouncycastle"/>
          <trusted-key id="0cb5871fb7bf3b351614bbf6ca85ffe638d4407a" group="it.unimi.dsi" name="fastutil"/>
          <trusted-key id="0e18eae07b7774eac5db3f2113bb90ce8eafbe37" group="com.microsoft.playwright"/>
+         <trusted-key id="120d6f34e627ed3a772ebbfe55c7e5e701832382" group="org.yaml" name="snakeyaml"/>
          <trusted-key id="160a7a9cf46221a56b06ad64461a804f2609fd89" group="^com[.]github[.]shyiko($|([.].*))" regex="true"/>
          <trusted-key id="1616273079fe63e31c938f10f0df21d1d0a3c384" group="com.google.inject" name="guice" version="4.2.3"/>
          <trusted-key id="19beab2d799c020f17c69126b16698a4adf4d638" group="org.checkerframework" name="checker-qual"/>
@@ -1438,11 +1439,6 @@
             <sha256 value="003785669f921aafe4f137468dd20a01a36111e94fd7449f26c16e7924d82d23" origin="Artifact is not signed"/>
          </artifact>
       </component>
-      <component group="org.yaml" name="snakeyaml" version="1.32">
-         <artifact name="snakeyaml-1.32.jar">
-            <pgp value="120d6f34e627ed3a772ebbfe55c7e5e701832382"/>
-         </artifact>
-      </component>
       <component group="org.ysb33r.gradle" name="grolifant" version="0.16.1">
          <artifact name="grolifant-0.16.1.jar">
             <ignored-keys>

subprojects/distributions-dependencies/build.gradle.kts

@@ -135,7 +135,7 @@ dependencies {
         api(libs.plist)                 { version { strictly("1.21") }}
         api(libs.servletApi)            { version { strictly("3.1.0") }}
         api(libs.slf4jApi)              { version { strictly(slf4jVersion) }}
-        api(libs.snakeyaml)             { version { strictly("1.32") }}
+        api(libs.snakeyaml)             { version { strictly("2.0") }}
         api(libs.testng)                { version { strictly("6.3.1"); because("later versions break test cross-version test filtering") }}
         api(libs.tomlj)                 { version { strictly(tomljVersion) }}
         api(libs.trove4j)               { version { strictly("1.0.20200330") }}

subprojects/platform-native/src/main/java/org/gradle/nativeplatform/toolchain/internal/swift/SwiftDepsHandler.java

@@ -21,6 +21,7 @@
 import org.gradle.internal.IoActions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.Constructor;
 
@@ -64,7 +65,7 @@ SwiftDeps parse(File moduleSwiftDeps) throws FileNotFoundException {
         return IoActions.withResource(new FileInputStream(moduleSwiftDeps), new Transformer<SwiftDeps, FileInputStream>() {
             @Override
             public SwiftDeps transform(FileInputStream fileInputStream) {
-                Yaml yaml = new Yaml(new Constructor(SwiftDeps.class));
+                Yaml yaml = new Yaml(new Constructor(SwiftDeps.class, new LoaderOptions()));
                 return yaml.loadAs(fileInputStream, SwiftDeps.class);
             }
         });
@@ -86,7 +87,7 @@ private void write(File moduleSwiftDeps, final SwiftDeps swiftDeps) {
             public void execute(BufferedWriter bufferedWriter) {
                 // Rewrite swiftc generated YAML file with our understanding of the current state of
                 // swift sources. This doesn't use Yaml.dump because snakeyaml produces a YAML file
-                // that swiftc cannot read. 
+                // that swiftc cannot read.
                 PrintWriter pw = new PrintWriter(bufferedWriter);
                 pw.println("version: \"" + swiftDeps.version + "\"");
                 pw.println("options: \"" + swiftDeps.options + "\"");