submarine uses a non OSS friendly version of org.json jar

[pjfanning]

https://github.com/apache/submarine/blob/246ecee0706cad8cfa6a66006a7005c67ae235da/pom.xml#L135

See https://www.apache.org/legal/resolved.html (JSON license section)

Could you upgrade to a newer version? And these versions have security fixes too.

Since late 2022, this jar is now properly in the public domain.

[cdmikechen]

@pjfanning Thanks for that, I'll fix it this weekend