Upgrade to snakeyaml 1.32

[bbindreiter]

snakeyaml 1.31 has a direct vulnerability CVE-2022-38752, that is fixed in 1.32.

Please update so artifacts downstream can be fixed as well.

Thank you very much!

[cowtowncoder]

Already done by #335 but there's a BIG problem with 1.32 wrt its added maximum document size limitation (as low as 3 megs) -- so upgrade will only be done for Jackson 2.14.0; we need to expose configurability to allow users to increase this limit.

Earlier versions can and need to locally override SnakeYAML dependency to 1.32 (and whatever).

[bbindreiter]

Thanks for the insights 👍 Closing this then.