CVE-2023-35116
Added version 2.16.0 to existing com.fasterxml.jackson dependencies
CVE-2023-5072
Bumped the existing dependency to latest version
CVE-2022-1471, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854
Upgrading snakeyaml to the recommended version (2.0) is a major version bump, so added a new dependency to upgrade to version 1.33; this leaves only CVE-2022-1471.
CVE-2023-33202
org.bouncycastle:bcprov-jdk15on doesn't have the recommended 1.73 version and has moved to bcpkix-jdk18on. Merged renovate PR Update Spring All #1408. That patched the existing dependency org.springframework.cloud:spring-cloud-starter-openfeign to version 3.1.9, which uses version 1.73 of bcpkix-jdk18on.
CVE-2023-34055
Merged renovate PR Update Spring All #1408. This patched spring-boot to the recommended 2.7.18.
CVE-2023-34042
org.springframework.security:spring-security-crypto is a transitive dependency, and patching spring-boot to 2.7.18 fixes this CVE.
CVE-2023-6378, CVE-2023-6481
Added a new dependency set, as the existing dependency upgrades didn't fix the CVEs.
Does this PR introduce a breaking change? (check one with "x")
JIRA link (if applicable)
https://tools.hmcts.net/jira/browse/SSCSCI-795