Upgrade json-path to 2.9.0 due CVE-2023-1370

[denodo-research-labs]

Upgrade json-path to 2.9.0 due CVE-2023-1370. CVE-2023-1370 is in the transitive dependency json-smart 2.4.7.

Motivation and Context

Solve CVE of severity HIGH.

Contributor checklist

• [x] Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• [x] PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• [x] If release notes are required, they follow the release notes guidelines.
• [x] CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
* Upgrade json-path to 2.9.0 due CVE-2023-1370 :pr:`23104`

[elharo]

Why/where do we use json-smart? It looks unmaintained and risky. Can we just remove/replace it?

[elharo]

Looks like we should be able to remove this dependency completely. Less dependencies --> less security bugs

[denodo-research-labs]

Why/where do we use json-smart? It looks unmaintained and risky. Can we just remove/replace it?

Code changes are needed, because without explicitly setting the mapping provider the default JsonSmartMappingProvider is used.

Testing should be done with other available mapping providers such as JacksonMappingProvider, GsonMappingProvider, or JakartaJsonProvider.