Upgraded the Jackson version to address CVE vulnerabilities from jackson-databind

[sumi-mathew]

Description

To address the CVE issues related to jackson-databind (CVE-2022-42003), upgraded the version of Jackson from 2.11.0 to 2.13.5.

Motivation and Context

The motivation for fixing CVEs in Jackson-databind primarily arises from the identification of security vulnerabilities that could be exploited by attackers. Jackson-databind is a widely used library in Java applications for processing JSON data. Given its extensive adoption, vulnerabilities in this library pose significant risks across numerous applications. Fixing these issues is crucial to protecting the broader ecosystem.

Impact

Image scan showed the vulnerability has been removed(CVE-2022-42003).
Image scan report after fix:
jacson_databind.csv

Test Plan

Contributor checklist

• Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security
* Fix provided for the CVE-2022-42003 :pr:`23752`
* Upgrade the version of jackson from 2.11.0 to 2.13.5  :pr:`23752`

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: sumi-mathew (95e1249)

[elharo]

Oh joy., Another security bug in jackson. In other news, grass is green and water is wet. I wish projects, Presto included, would just stop using this library.

[elharo]

Why not a later version? e.g. 2.17.1?

[sumi-mathew]

Resolved as part of PR: #23753