Update snakeyaml to version 2.0

[rishabhmaurya]

Issue #, if available:

Snakeyaml released the version 2.0 which also addresses the GHSA-mjmj-j48q-9wg2.

Description of changes:
Similar to opensearch-project/OpenSearch#5576
CheckList:

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[rishabhmaurya]

I was able to verify build which is passing locally, so we can ignore GH action failures here -

➜  index-management git:(rishma-snakeyml-2.6) ./gradlew assemble -Dbuild.snapshot=false
=======================================
OpenSearch Build Hamster says Hello!
  Gradle Version        : 7.4.2
  OS Info               : Mac OS X 13.3.1 (x86_64)
  JDK Version           : 17 (Amazon Corretto JDK)
  JAVA_HOME             : /Users/rishma/Library/Java/JavaVirtualMachines/corretto-17.0.3/Contents/Home
  Random Testing Seed   : 9BA48F49A807E26D
  In FIPS 140 mode      : false
=======================================
<===----------> 24% EXECUTING [43s]
<===----------> 24% EXECUTING [44s]

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.4.2/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 1m 6s
16 actionable tasks: 16 executed

[rishabhmaurya]

There is another transitive dependency of snakeyml coming from opensearch build still causing Whitesource security check failure -

[CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471)
Path to dependency file: /spi/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Dependency Hierarchy:

-> opensearch-2.6.1-SNAPSHOT.jar (Root Library)

   -> opensearch-x-content-2.6.1-SNAPSHOT.jar

     -> ❌ snakeyaml-1.33.jar (Vulnerable Library)

This needs to be fixed in opensearch build

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-817-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 27bd737988b4e6ee4258bf3bc1776e642f43a0f6
# Push it to GitHub
git push --set-upstream origin backport/backport-817-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-817-to-1.x.