Exclude/replace plugins that are part of gradle distribution

I am using gradle wrapper to build my spring boot applications. We recently integrated an SCA tool to find open source vulnerabilities in our code. The tool (whitesource in our case) scans the gradle distribution folder too (.gradle/wrapper/dists/gradle-6.6.1-bin/du4tvj86lhti6iga1v8h7pckb/gradle-6.6.1/lib/plugins/). Here it is complaining about two jars that are identified as high priority vulnerabilities:

  1. snakeyaml-1.17.jar
  2. google-oauth-client-1.25.0.jar

When I run ./gradlew dependencies in the project, the snakeyaml dependency is present but the version is 1.26 (as opposed to 1.17 that seems to have the vulnerability). I can see that the jar is present in the gradle distribution plugins folder. The google-oauth-client dependency is not present in the project at all.
Is there a way I can exclude/replace these dependencies in the gradle distribution plugins folder?

Found any solution ? To my mind it isn’t updatable/replaceable. I think the /lib/plugins directory is part of gradle and we need to wait for an update from their side