From e768fa888368d2d3134431694b2b97676ee9ffba Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 23 Apr 2026 02:20:14 +0000
Subject: [PATCH] fix(security): pin snakeyaml to 2.2 (CVE-2022-1471)

Co-Authored-By: Achal Channarasappa <achal.channarasappa@cognition.ai>
---
 pom.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pom.xml b/pom.xml
index fc5bfeac..a2235ea6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,6 +29,15 @@
 	<properties>
 		<java.version>17</java.version>
 	</properties>
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.yaml</groupId>
+				<artifactId>snakeyaml</artifactId>
+				<version>2.2</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>