Fix CVE-2026-29062: upgrade jackson-core to 3.1.0

Override jackson-bom.version (3.0.3 -> 3.1.0) and jackson-2-bom.version
(2.20.1 -> 2.21.1) to resolve nesting depth constraint bypass in
jackson-core (GHSA-6v53-7c9g-w56r).

Co-authored-by: Ona <no-reply@ona.com>

Author: meysholdt

pom.xml

@@ -24,6 +24,10 @@
     <webjars-bootstrap.version>5.3.8</webjars-bootstrap.version>
     <webjars-font-awesome.version>4.7.0</webjars-font-awesome.version>
 
+    <!-- Override jackson-bom versions to fix CVE-2026-29062 (GHSA-6v53-7c9g-w56r) -->
+    <jackson-bom.version>3.1.0</jackson-bom.version>
+    <jackson-2-bom.version>2.21.1</jackson-2-bom.version>
+
     <checkstyle.version>12.1.2</checkstyle.version>
     <jacoco.version>0.8.14</jacoco.version>
     <libsass.version>0.3.4</libsass.version>