Presto JDBC driver needs to upgrade Jackson libraries to 2.16.0 due to various CVE's

[dqmdev]

Latest Presto JDBC driver (0.285) appears to still be using Jackson 2.10, which is old.

There are several well-publicized CVE's against this version of Jackson, notably:

1. com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS).
   PRISMA-2023-0067
   Add numeric value size limits via StreamReadConstraints (fixes sonatype-2022-6438) -- default 1000 chars FasterXML/jackson-core#827
   PRISMA-2023-0068
   Trim tokens in error messages to 256 byte to prevent attacks FasterXML/jackson-core#322
   PRISMA-2023-0069
   OutOfMemoryError when writing BigDecimal FasterXML/jackson-core#315

2. CVE-2023-35116: jackson-databind is vulnerable to denial of service, fixed in Jackson 2.16.0
   https://nvd.nist.gov/vuln/detail/CVE-2023-35116

[alileclerc]

hi @dqmdev - we'd be happy for you to open up a PR if you'd like to work on this and contribute it back to the community.

[Mariamalmesfer]

Resolved with this PR upgrading the Jackson dependencies: #23753

Also, GHSA-gx6w-fqg7-mc3p says that versions up to 2.15.2 are vulnerable so 2.15.4 should be fine.