Snake-yaml version bump doesn't work in all situations

[PeterLaczko]

As aktona84 mentioned in this comment for release 2.1.3, snake-yaml's version is not bumped in swagger-parser-v3 without the version enforcement in the parent pom. Upgrading swagger-parser-v3 to the latest release (2.1.3) we still get version 1.30 for snake-yaml. Snake-yaml's version should be bumped in swagger-parser-v3's module.

I tested the problem creating a sample Hello World project with gradle. Then I added io.swagger.parser.v3:swagger-parser-v3:2.1.3 as a dependency.

build.gradle

plugins {
    id 'java'
}

group 'org.example'
version '1.0-SNAPSHOT'

repositories {
    mavenCentral()
}

dependencies {
    implementation 'io.swagger.parser.v3:swagger-parser-v3:2.1.3'
    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.1'
    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.1'
}

test {
    useJUnitPlatform()
}

After this short setup I ran the following command:
./gradlew dependencyInsight --dependency snakeyaml --configuration runtimeClasspath

I get the following dependency tree for snake-yaml:

org.yaml:snakeyaml:1.30
\--- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3
     +--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (requested com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.2)
     |    \--- runtimeClasspath
     +--- io.swagger.core.v3:swagger-core:2.2.3
     |    \--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (*)
     \--- com.fasterxml.jackson:jackson-bom:2.13.3
          +--- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3
          |    +--- io.swagger.core.v3:swagger-core:2.2.3 (*)
          |    \--- com.fasterxml.jackson:jackson-bom:2.13.3 (*)
          +--- com.fasterxml.jackson.core:jackson-core:2.13.3
          |    +--- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3 (*)
          |    +--- com.fasterxml.jackson:jackson-bom:2.13.3 (*)
          |    +--- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3 (*)
          |    \--- com.fasterxml.jackson.core:jackson-databind:2.13.3
          |         +--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (requested com.fasterxml.jackson.core:jackson-databind:2.13.2.2) (*)
          |         +--- io.swagger.core.v3:swagger-core:2.2.3 (*)
          |         +--- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3 (*)
          |         +--- com.fasterxml.jackson:jackson-bom:2.13.3 (*)
          |         \--- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3 (*)
          +--- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3 (*)
          +--- com.fasterxml.jackson.core:jackson-databind:2.13.3 (*)
          \--- com.fasterxml.jackson.core:jackson-annotations:2.13.3
               +--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (requested com.fasterxml.jackson.core:jackson-annotations:2.13.2) (*)
               +--- io.swagger.core.v3:swagger-core:2.2.3 (*)
               +--- io.swagger.core.v3:swagger-models:2.2.3
               |    +--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (*)
               |    +--- io.swagger.core.v3:swagger-core:2.2.3 (*)
               |    \--- io.swagger.parser.v3:swagger-parser-core:2.1.3
               |         \--- io.swagger.parser.v3:swagger-parser-v3:2.1.3 (*)
               +--- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3 (*)
               +--- com.fasterxml.jackson:jackson-bom:2.13.3 (*)
               \--- com.fasterxml.jackson.core:jackson-databind:2.13.3 (*)

[frantuma]

Thanks @PeterLaczko and @akatona84 for reporting this.

Fixed in #1825