[gopkg.in/yaml.v2] yaml package for Go can consume excessive amounts of CPU or memory

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3064
• https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
• https://github.com/go-yaml/yaml/releases/tag/v2.2.4
• https://pkg.go.dev/vuln/GO-2022-0956
• https://github.com/advisories/GHSA-6q6q-88xp-6f2r