From 6239603091be6af55c9459bb2baa1a272fa216a9 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Fri, 23 Sep 2022 09:50:09 -0600
Subject: [PATCH] Add snakeyaml 1.32 dependency until jackson is updated

The Jackson dataformat library depends on snakeyaml 1.31.  The snakeyaml
1.31 library has a vulnerability that is resolved in snakeyaml 1.32.
Include snakeyaml 1.32 as an explicit dependency until Jackson dataformat
is updated to use a newer snakeyaml library.
---
 plugin-management-library/pom.xml | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/plugin-management-library/pom.xml b/plugin-management-library/pom.xml
index bb7731f6..fe4d7a49 100644
--- a/plugin-management-library/pom.xml
+++ b/plugin-management-library/pom.xml
@@ -13,17 +13,6 @@
     <version>${revision}${changelist}</version>
     <packaging>jar</packaging>
 
-    <dependencyManagement>
-        <dependencies>
-            <!-- TODO: Remove when jackson dataformat snakeyaml dependency is at least 1.32 -->
-            <dependency>
-                <groupId>org.yaml</groupId>
-                <artifactId>snakeyaml</artifactId>
-                <version>1.32</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <dependencies>
         <dependency>
             <groupId>org.jenkins-ci</groupId>
@@ -76,6 +65,12 @@
             <artifactId>jackson-dataformat-yaml</artifactId>
             <version>2.13.4</version>
         </dependency>
+        <!-- TODO: Remove when jackson dataformat snakeyaml dependency is at least 1.32 -->
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.32</version>
+        </dependency>
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>