snakeyaml-2.0 for 0.5?

[rossabaker]

Would it be possible to upgrade to snakeyaml-2.0 for the 0.5 release? There's a nuisance CVE on 1.33.

One question would be how much of the rest of the SBT ecosystem might use snakeyaml-1.x dependencies. 2.x drops some deprecated methods and is not binary compatible.