Fix vulnerabilities in org.eclipse.jdt.core and parsson

[ckunki]

• org.eclipse.jdt:org.eclipse.jdt.core:jar:3.33.0 in compile
  • CVE-2023-4218, severity CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (5.0)
• org.eclipse.parsson:parsson:jar:1.1.1 in runtime
  • CVE-2023-4043, severity CWE-20: Improper Input Validation (7.5)

Fixed version for org.eclipse.jdt:org.eclipse.jdt.core is not yet available (current version 4.35.0 is still vulnerable), see current PR https://github.com/exasol/error-code-crawler-maven-plugin/pull/96

See list of current versions for org.eclipse.jdt.core: https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jdt/org.eclipse.jdt.core

Note

Dependency org.eclipse.jdt:org.eclipse.jdt.core does not provide a fixed version for Java 11. That's why we updated the build to Java 17 and incremented the major version as this is a breaking change. Users of the plugin will need to run the Maven build with Java 17 from now on.