fix: upgrade jackson-bom to 2.13.5 to remediate CVE-2022-42003

[devin-ai-integration]

Summary

Fixes CVE-2022-42003 (CVSS 7.5) — a Denial of Service vulnerability in jackson-databind:2.13.1 triggered by deeply nested objects when UNWRAP_SINGLE_VALUE_ARRAYS is enabled.

Spring Boot 2.6.3 manages jackson transitively via the Jackson BOM. Rather than upgrading the entire Spring Boot parent (which risks broader breaking changes), this PR pins the BOM version:

ext['jackson-bom.version'] = '2.13.5'

This overrides the Spring Boot-managed resolution, bumping jackson-databind from 2.13.1 → 2.13.5 across all transitive paths.

Closes #152

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/fa9a55edcb6e4d97ad669e44f5ea5c8e

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring