
Upgrade jackson from 2.21.0 to 2.21.1 to fix GHSA-72hv-8253-57qq DoS vulnerability#2287

Open
kycheng wants to merge 1 commit into SonarSource:master from kycheng:master

Conversation


@kycheng kycheng commented Mar 24, 2026

Summary

Upgrade jackson from 2.21.0 to 2.21.1 to address a known security vulnerability.

Vulnerability Details

  • Advisory: GHSA-72hv-8253-57qq
  • Also fixes: CVE-2025-52999 (DoS via deeply nested JSON / StackOverflowError, affects jackson-core < 2.15.0)
  • Affected versions: jackson-core/databind < 2.18.6 or < 2.21.1
  • Fixed in: 2.21.1 (current LTS line patch)
  • CVSS: 8.7 (High) — Denial of Service, no authentication required

Changes

  • pom.xml: bumped jackson.version from 2.21.0 to 2.21.1

Testing

  • No logic changes; this is a dependency version bump only.
  • All existing unit tests should continue to pass.


sonar-review-alpha bot commented Mar 24, 2026

Summary

Single-line dependency bump fixing a high-severity DoS vulnerability in Jackson. Version 2.21.0 → 2.21.1 addresses GHSA-72hv-8253-57qq (deeply nested JSON can trigger StackOverflowError). No code logic changes — pure dependency upgrade.

What reviewers should know

What to verify:

  • The pom.xml change is the only modification (✓ confirmed: single line)
  • No code logic touches Jackson parsing or nesting logic (none changed)
  • No breaking API changes in 2.21.1 patch release

Low review burden: This is a security patch within a minor version. If CI passes, this is ready to merge. The vulnerability fix is in Jackson's core JSON parsing — not something this repo needs to work around in code.
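The failure mode named in the Vulnerability Details above and in the bot summary is unbounded recursion on deeply nested JSON. As an added example that is not part of this PR or of the SonarSource code base, the snippet below shows the defence-in-depth setting Jackson itself offers regardless of version bump: `StreamReadConstraints.maxNestingDepth` (available since Jackson 2.15) makes the parser reject over-deep input with a `StreamConstraintsException` long before the JVM stack is exhausted. The class name `NestingDepthGuard`, the depth limit of 64 and the constructed nested-array input are assumptions chosen for the demonstration.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.json.JsonMapper;

// Hypothetical helper class; not part of the SonarSource code base.
public class NestingDepthGuard {

    // Build a mapper that rejects documents nested deeper than maxDepth.
    // Jackson's own default for maxNestingDepth is 1000 (2.15+); the
    // caller picks a value appropriate for the payloads it expects.
    static JsonMapper boundedMapper(int maxDepth) {
        StreamReadConstraints constraints = StreamReadConstraints.builder()
                .maxNestingDepth(maxDepth)
                .build();
        JsonFactory factory = JsonFactory.builder()
                .streamReadConstraints(constraints)
                .build();
        return JsonMapper.builder(factory).build();
    }

    // Constructed test input: `depth` nested empty arrays, e.g. [[[]]] for depth 3.
    static String nestedArrays(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    // Returns true if the document parsed, false if the depth limit rejected it.
    // StreamConstraintsException is raised as soon as nesting level maxDepth+1
    // is opened, so the parser never recurses deep enough to overflow the stack.
    static boolean parseWithLimit(JsonMapper mapper, String json) throws Exception {
        try {
            JsonNode node = mapper.readTree(json);
            return node != null;
        } catch (StreamConstraintsException e) {
            System.err.println("rejected: " + e.getOriginalMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        JsonMapper mapper = boundedMapper(64);   // limit chosen for the demo
        System.out.println("depth 10 accepted:    " + parseWithLimit(mapper, nestedArrays(10)));
        System.out.println("depth 10000 accepted: " + parseWithLimit(mapper, nestedArrays(10_000)));
    }
}
```

Applying such a limit at the `JsonFactory` used for untrusted input keeps the service's behaviour deterministic even if a future parser regression reappears, and the logged rejection gives operations a concrete signal to alert on.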




@sonar-review-alpha sonar-review-alpha bot left a comment


Single-line version bump, no logic changes, quality gate passing. Safe to merge.


