duosecurity / duo_universal_java

Duo OIDC-based two-factor authentication for Java web applications
https://duo.com/docs/duoweb

Bump jackson-core and logging-interceptor versions #25

Closed LevBernstein closed 11 months ago

LevBernstein commented 11 months ago

Description

Older versions of jackson-databind (part of jackson-core) and logging-interceptor are vulnerable to a variety of OWASP-acknowledged exploits, including CVE-2023-35116, CVE-2022-42004, CVE-2021-46877, and CVE-2023-0833. Both of those libraries are leveraged by duo_universal_java. This MR upgrades the dependencies to versions without those vulnerabilities.

I acknowledge that the security policy stipulates that vulnerabilities should be reported to Duo first; however, as this is an acknowledged (and patched) vulnerability in dependencies rather than the project's source code itself, I am simply opening an MR. Doing otherwise after I realized this issue exists would be security through obscurity, rather than actually solving the problem. Better to get this fixed ASAP.

Motivation and Context

duo_universal_java is currently open to a variety of exploits, including resource exhaustion, DoS, and XXE attacks. That is concerning. As a user (and enjoyer) of this project, I'd like to patch those vulnerabilities with this MR.

How Has This Been Tested?

All currently extant unit tests passed; beyond that, my ability to test is limited.

Types of Changes

AaronAtDuo commented 11 months ago

@LevBernstein Thank you for this PR. We definitely want to get vulnerable libraries updated. We do have dependabot monitoring this library, I'm curious why it didn't catch this...

This looks good to me and as soon as CI passes I'll get this merged.