Vulnerability in snakeyaml

[moeshue]

Is this a support request?
This issue tracker is maintained by LaunchDarkly SDK developers and is intended for feedback on the SDK code. If you're not sure whether the problem you are having is specifically related to the SDK, or to the LaunchDarkly service overall, it may be more appropriate to contact the LaunchDarkly support team; they can help to investigate the problem and will consult the SDK team if necessary. You can submit a support request by going here or by emailing support@launchdarkly.com.

Note that issues filed on this issue tracker are publicly accessible. Do not provide any private account information on your issues. If your problem is specific to your account, you should submit a support request as described above.

Describe the bug
It's not a bug but just a vulnerability, and we cannot override snakeyaml's version since it's wrapped in the jar

To reproduce
https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

Expected behavior
snakeyaml is upgraded to 1.31

Logs
If applicable, add any log output related to your problem.

SDK version
latest 5.10.0

Language version, developer tools
Java

OS/platform
For instance, Ubuntu 16.04, Windows 10, or Android 4.0.3. If your code is running in a browser, please also include the browser type and version.

Additional context
Add any other context about the problem here.

[eli-darkly]

Thanks. We should be able to put out a patch release shortly.

[eli-darkly]

Fixed in the 5.10.1 release.

[moeshue]

Fixed in the 5.10.1 release.

Thank you so much!