bump jackson version

Author: frantuma

pom.xml

@@ -120,7 +120,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-databind</artifactId>
-                <version>${jackson-version}</version>
+                <version>${jackson-databind-version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
@@ -257,7 +257,12 @@
         <swagger-codegen-version>3.0.34-SNAPSHOT</swagger-codegen-version>
         <swagger-parser-version>2.0.30</swagger-parser-version>
         <swagger-core-version>2.1.13</swagger-core-version>
-        <jackson-version>2.12.1</jackson-version>
+        <jackson-version>2.13.2</jackson-version>
+        <!--
+          jackson-databind 2.13.2 is still affected by CVE-2020-36518.
+          This version pin for jackson-databind can be removed when bumping jackson to 2.14
+          -->
+        <jackson-databind-version>2.13.2.2</jackson-databind-version>
         <scala-version>2.11.1</scala-version>
         <felix-version>3.3.0</felix-version>
         <commons-io-version>2.11.0</commons-io-version>