Bump SnakeYAML from 1.19 to 1.26 to address CVE-2017-18640 (#207)

ssrm · web-flow · commit 6c87a65fa390 · 2020-09-02T17:44:44.000-07:00
The SDK only parses YAML if the application has configured the SDK with a flag data file. It's unlikely CVE-2017-18640 would affect SDK usage as it requires configuration and access to a local file.
diff --git a/build.gradle b/build.gradle
@@ -76,7 +76,7 @@ ext.versions = [
     "okhttp": "4.8.1", // specify this for the SDK build instead of relying on the transitive dependency from okhttp-eventsource
     "okhttpEventsource": "2.3.1",
     "slf4j": "1.7.21",
-    "snakeyaml": "1.19",
+    "snakeyaml": "1.26",
     "jedis": "2.9.0"
 ]
 

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ ext.versions = [`
`76`	`76`	`"okhttp": "4.8.1", // specify this for the SDK build instead of relying on the transitive dependency from okhttp-eventsource`
`77`	`77`	`"okhttpEventsource": "2.3.1",`
`78`	`78`	`"slf4j": "1.7.21",`
`79`		`- "snakeyaml": "1.19",`
	`79`	`+ "snakeyaml": "1.26",`
`80`	`80`	`"jedis": "2.9.0"`
`81`	`81`	`]`
`82`	`82`