This PR upgrades a couple of packages affected by some vulnerabilities.
Jackson packages depend on org.yaml:snakeyaml which is affected by CVE-2022-1471, while spring-expression package is affected by CVE-2023-20863. The packages this PR upgrades to have these vulnerabilities fixed.
There is a side effect: in spring-framework v5.3.27 they also introduced a SpEL expression length limit of 10000 characters. There are a couple of occurrences where we use Strings.repeat(foo, 1024), which generates a SpEL expression that is too long. I'm reducing that to 512, which makes spring-framework happy again but is still over the 256 limit we have set for our tests, meaning the expectedErrors are still the same and hence tests pass.
Motivation and Context
Resolving vulnerabilities.
Have you tested this? If so, how?
No new features, just fix version upgrades so current tests are valid.
Checklist for PR author(s)
[x] Changes are covered by unit test
[x] All tests pass
[x] Code coverage check passes
[x] Error handling is tested
[x] Errors are handled at the appropriate layer
[x] Errors that cannot be handled where they occur are propagated
[ ] (optional) Changes are covered by system test
[ ] Relevant documentation updated
[x] This PR has NO breaking change to public API
[ ] This PR has breaking change to public API and it is documented
Checklist for PR reviewer(s)
[ ] This PR has been incorporated in release note for the coming version
[ ] Risky changes introduced by this PR have been all considered
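The following is an added illustration of the side effect described in the PR (it is not code from the PR or from the project): it builds a SpEL string literal from a repeated sample value, shows the parser rejecting the 1024-repeat variant under the 10000-character limit introduced in spring-framework 5.3.27 while accepting the 512-repeat variant, and shows how a single parser instance can be given a higher limit when a test genuinely needs one. The `foo` value is a constructed sample (the PR's real value is not on the page), `String.repeat` (Java 11) stands in for Guava's `Strings.repeat`, and the six-argument `SpelParserConfiguration` constructor with a trailing `maximumExpressionLength` and the `MAX_EXPRESSION_LENGTH_EXCEEDED` message code are assumed from the 5.3.27 API.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.spel.SpelParseException;
import org.springframework.expression.spel.SpelParserConfiguration;
import org.springframework.expression.spel.standard.SpelExpressionParser;

public class SpelLengthLimitDemo {

    // Default maximum expression length enforced by spring-expression 5.3.27+ (value from the PR text).
    static final int DEFAULT_LIMIT = 10_000;

    // Builds a SpEL string literal from `foo` repeated n times, mirroring the test pattern the PR adjusts.
    static String buildExpression(String foo, int repeats) {
        return "'" + foo.repeat(repeats) + "'";
    }

    // Returns true if the parser accepts the expression, false if it rejects it.
    // With 5.3.27+ an over-long input fails inside parseExpression with a SpelParseException
    // whose message code is MAX_EXPRESSION_LENGTH_EXCEEDED (assumed name).
    static boolean parses(SpelExpressionParser parser, String expr) {
        try {
            Expression e = parser.parseExpression(expr);
            return e != null;
        } catch (SpelParseException ex) {
            System.out.println("rejected (" + ex.getMessageCode() + "), length=" + expr.length());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample value: 16 characters, so 1024 repeats exceed the limit and 512 do not.
        String foo = "0123456789abcdef";
        SpelExpressionParser defaultParser = new SpelExpressionParser();

        String before = buildExpression(foo, 1024); // what the tests generated before this PR
        String after = buildExpression(foo, 512);   // what they generate after this PR

        System.out.println("1024 repeats accepted by default parser: " + parses(defaultParser, before));
        System.out.println("512 repeats accepted by default parser:  " + parses(defaultParser, after));

        // If a test really needs a longer expression, raise the limit on one parser instance
        // instead of weakening the default for the whole application.
        // Constructor signature (compilerMode, compilerClassLoader, autoGrowNullReferences,
        // autoGrowCollections, maximumAutoGrowSize, maximumExpressionLength) is assumed from 5.3.27.
        SpelParserConfiguration relaxed = new SpelParserConfiguration(null, null, false, false, 0, 20_000);
        SpelExpressionParser relaxedParser = new SpelExpressionParser(relaxed);
        System.out.println("1024 repeats accepted with 20000 limit:   " + parses(relaxedParser, before));
    }
}
```

Keeping the raised limit on a dedicated parser instance, as shown above, preserves the default cap for production code paths, which is the point of the limit added alongside the CVE-2023-20863 fix; the PR's approach of shrinking the test input to 512 avoids touching the limit at all.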