Bump com.upokecenter:cbor dependency to minimum version 4.5.2

Version 4.0.1 has known vulnerabilities and gets resolved to by transitive
exact-version dependencies; this forces a minimum version despite those
exact-version transitive dependencies.

See: GHSA-fj2w-wfgv-mwq6

Author: emlun

NEWS

@@ -1,3 +1,11 @@
+== Version 1.12.2 (unreleased) ==
+
+Fixes:
+
+* `com.upokecenter:cbor` dependency bumped to minimum version 4.5.1 due to a
+  known vulnerability, see: https://github.com/advisories/GHSA-fj2w-wfgv-mwq6
+
+
 == Version 1.12.1 ==
 
 Fixes:

build.gradle

@@ -51,7 +51,7 @@ dependencies {
     api('com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:[2.11.0,3)')
     api('com.fasterxml.jackson.datatype:jackson-datatype-jdk8:[2.11.0,3)')
     api('com.google.guava:guava:[24.1.1,31)')
-    api('com.upokecenter:cbor:[4.0.1,5)')
+    api('com.upokecenter:cbor:[4.5.1,5)')
     api('javax.ws.rs:javax.ws.rs-api:[2.1,3)')
     api('javax.xml.bind:jaxb-api:[2.3.0,3)')
     api('junit:junit:[4.12,5)')