Bump SnakeYAML and Expose Parse Options

[erichaberkorn]

I made this change in three commits because it demonstrates that this is a breaking change. All the tests pass on d590965 and bumping to SnakeYAML 1.26 on f385f74 (even though it is a minor version bump) causes the test to fail.

SnakeYAML 1.26 patches CVE-2017-18640, which resulted in LoaderOptions adding setMaxAliasesForCollections and setAllowRecursiveKeys to control the amount of aliases SnakeYAML will attempt to parse and whether it allows recursive keys. This PR exposes those options to parse-string via :max-aliases-for-collections and :allow-recursive-keys.

[borkdude]

@slipset I guess it would be useful to set up CircleCI and Github in such a way that it's easy to verify if a PR breaks tests.

[slipset]

@borkdude Looking through all the options, it seems like it should build PR's, but I can see that it doesn't.

[borkdude]

@slipset It seems the last build on master didn't do anything:

[erichaberkorn]

This is very strange. I have CircleCI setup on my fork and the checks are showing up properly there https://github.com/erichaberkorn/clj-yaml/commits/bump-snakeyaml

[borkdude]

@erichaberkorn Ah, that may be the issue. If you have your own CircleCI setup, then it won't run as a PR build probably.

[marcomorain]

LGTM

[marcomorain]

Let's change this assertion to thrown-with-msg? and check that the exception has the word Recursive in the message.

https://bitbucket.org/asomov/snakeyaml/src/1922347d615264c50041223ec2bd689906cbcb26/src/main/java/org/yaml/snakeyaml/constructor/BaseConstructor.java?at=master#lines-484

[marcomorain]

Let's change this assertion to thrown-with-msg? and check that the exception has the string "Number of aliases" in the message.

https://bitbucket.org/asomov/snakeyaml/src/1922347d615264c50041223ec2bd689906cbcb26/src/main/java/org/yaml/snakeyaml/composer/Composer.java?at=master#Composer.java-147