Description
The apoc-extended jar currently bundles an older version of the json-smart library. This older version contains a known security vulnerability (e.g., CVE-2021-27568).
When inspecting the jar, the following was found:
apoc-extended-5.26.1.jar!/META-INF/maven/net.minidev/json-smart/
This indicates that an outdated json-smart dependency is shaded inside the APOC extended distribution.
Impact
Projects using apoc-extended inherit the vulnerable json-smart version, which may expose them to potential security risks flagged by scanners.
Expected Behavior
apoc-extended should use the latest compatible json-smart version (currently 2.5.0) to remove the vulnerability.
Steps to Reproduce
Add the following dependency in Maven:
```xml
<dependency>
  <groupId>org.neo4j.procedure</groupId>
  <artifactId>apoc-extended</artifactId>
  <version>5.26.1</version>
</dependency>
```

Build and check the apoc-extended jar.
Observe that json-smart is present in META-INF/maven/net.minidev/json-smart/ with an outdated version.
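As an added example (not code from the issue or from the APOC project), a small script that performs the check in the steps above without a build: it reads the Maven pom.properties entries shaded into a jar and reports json-smart if it is older than the 2.5.0 baseline the issue names. The jar it inspects is constructed in memory with a made-up version and stands in for the real apoc-extended artifact.

```python
import io
import re
import zipfile

# Every module bundled (shaded) by Maven leaves META-INF/maven/<groupId>/<artifactId>/pom.properties
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def shaded_artifacts(jar):
    """Return {(groupId, artifactId): version} for each Maven module shaded into the jar.
    `jar` may be a path or a file-like object."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_PROPS.match(name)
            if not m:
                continue
            props = {}
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            found[(m.group(1), m.group(2))] = props.get("version", "unknown")
    return found


def version_key(version):
    """Numeric dotted prefix as a tuple ("2.5.0" -> (2, 5, 0)); qualifiers and junk sort lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def outdated_json_smart(jar, minimum="2.5.0"):
    """Return the shaded json-smart version if it is older than `minimum`, else None
    (None also when json-smart is not shaded into the jar at all)."""
    version = shaded_artifacts(jar).get(("net.minidev", "json-smart"))
    if version is None or version_key(version) >= version_key(minimum):
        return None
    return version


def build_sample_jar(json_smart_version=None):
    """Constructed stand-in for apoc-extended-<ver>.jar: only the Maven metadata entries
    matter for this check, so nothing else is written. Returns an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if json_smart_version is not None:  # constructed value, not the real shipped version
            zf.writestr("META-INF/maven/net.minidev/json-smart/pom.properties",
                        f"#Generated by Maven\nversion={json_smart_version}\n"
                        "groupId=net.minidev\nartifactId=json-smart\n")
    buf.seek(0)
    return buf
```

Pointing `outdated_json_smart` at a real apoc-extended jar path performs the same check on the actual distribution.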
Suggested Fix
Update the dependency version of json-smart to the latest stable release (2.6.0).
Release a patched version of apoc-extended.