vertx-web
                                
vertx-web-api-contract contains shaded dependencies with Critical CVE
In Vert.x 4.4.x, the vertx-web-api-contract jar contains several shaded dependencies.
Among these is snakeyaml 1.33, which has a known Critical CVE (by NIST NVD ranking).
This issue has been resolved in snakeyaml 2.x, but not in the 1.x releases.
We discovered this in v4.4.4, but it is still an issue in 4.4.5.
It would also be preferable not to shade this dependency, if possible.
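
A check for the situation this issue describes, as an added example (not part of the issue or the Vert.x project): it lists Maven artifacts embedded in a jar through leftover `META-INF/maven/.../pom.properties` descriptors and finds relocated snakeyaml class directories. The sample jar is constructed in memory and its `example/shaded` relocation prefix is hypothetical; a shading setup that strips the descriptors is only caught by the class-path search.

```python
import io
import re
import zipfile

# Maven writes this descriptor per artifact; shading often copies it into the fat jar.
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def embedded_artifacts(jar):
    """Return {(groupId, artifactId): version} for each pom.properties in the jar."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_PROPS.match(name)
            if not m:
                continue
            text = zf.read(name).decode("utf-8", "replace")
            props = dict(l.split("=", 1) for l in text.splitlines()
                         if "=" in l and not l.startswith("#"))
            found[(m.group(1), m.group(2))] = props.get("version", "unknown").strip()
    return found


def relocated_dirs(jar, needle="snakeyaml"):
    """Package directories holding .class files whose path mentions the needle."""
    with zipfile.ZipFile(jar) as zf:
        return sorted({n.rsplit("/", 1)[0] for n in zf.namelist()
                       if n.endswith(".class") and "/" in n and needle in n.lower()})


def snakeyaml_1x(jar):
    """Embedded snakeyaml versions below 2.x (the issue says 2.x has the fix)."""
    return [v for (_, a), v in embedded_artifacts(jar).items()
            if a == "snakeyaml" and v.split(".")[0].isdigit() and int(v.split(".")[0]) < 2]


def build_sample_jar():
    """Constructed stand-in for a shaded jar; relocation prefix is hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties",
                    "#Generated\ngroupId=org.yaml\nartifactId=snakeyaml\nversion=1.33\n")
        zf.writestr("example/shaded/org/yaml/snakeyaml/Yaml.class", b"\xca\xfe\xba\xbe")
        zf.writestr("io/vertx/Example.class", b"\xca\xfe\xba\xbe")
    return buf


if __name__ == "__main__":
    jar = build_sample_jar()  # replace with a path to a real jar to inspect it
    print(embedded_artifacts(jar), relocated_dirs(jar), snakeyaml_1x(jar))
```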