Update jackson dependencies due to CVE-2020-36518

[brunchboy]

We are having to update our own dependencies because of a vulnerability in jackson-databind and this project is one of our direct dependencies which led to it being included in the first place, so you may want to update your jackson versions as well.

https://nvd.nist.gov/vuln/detail/CVE-2020-36518

[joschi]

Dropwizard Metrics 4.2.x is already using Jackson 2.12.7 which is not affected by this vulnerability.

• https://github.com/dropwizard/metrics/blob/v4.2.10/metrics-json/pom.xml#L20
• https://github.com/dropwizard/metrics/blob/v4.2.10/metrics-servlets/pom.xml#L23
• https://github.com/dropwizard/metrics/blob/v4.2.10/metrics-jakarta-servlets/pom.xml#L23

We won't upgrade the Jackson version in Dropwizard Metrics 4.1.x, but you can override the version of Jackson being used in your project by adding the respective artifacts into the <dependencies> or <dependencyManagement> section of your POM or the equivalents of your build system.