CVE-2017-18640 in SnakeYaml (transitive dependency)

[wattdave]

jackson-dataformat-yaml 2.10.1 depends on SnakeYaml, all of whose versions have been reported vulnerable to CVE-2017-18640. It seems that SnakeYaml isn't going to be patched. Its author is encouraging people to move to SnakeYaml Engine instead. Jackson has started that process... https://github.com/FasterXML/jackson-dataformats-text/tree/master/yaml