Elasticsearch 5 is very old and is no longer maintained.
We have never tested running Elasticsearch 5.6 with any version of SnakeYaml other than the one that it shipped with. It might work, but there are no guarantees.
If you care about resolving vulnerabilities then you need to migrate to a maintained version of Elasticsearch. No one is patching vulnerabilities in Elasticsearch 5 (or 6) anymore.