Update Jackson, Wicket and then release 9.1.0

[erik-meuwese-topicus]

The update in the merged pull request #59 solves the following reported CVEs on these dependencies:

• commons-fileupload 1.4 CVE-2023-24998
• jackson-databind 2.12.5 CVE-2020-36518, CVE-2021-46877, CVE-2022-42003, CVE-2022-42004
• wicket-core 9.7.0 CVE-2024-27439

Would it be possible to update jackson to 2.17.1 and wicket to 9.18.0? It's an direct dependency of wiquery-core and CVE-2023-35116 is reported on jackson-databind 2.14.3

[INFO] org.wicketstuff.wiquery:wiquery-core:jar:9.1.0-SNAPSHOT
[INFO] +- org.apache.wicket:wicket-core:jar:9.18.0:compile
[INFO] |  +- com.github.openjson:openjson:jar:1.0.13:compile
[INFO] |  +- org.apache.wicket:wicket-request:jar:9.18.0:compile
[INFO] |  +- org.apache.wicket:wicket-util:jar:9.18.0:compile
[INFO] |  |  +- commons-fileupload:commons-fileupload:jar:1.5:compile
[INFO] |  |  +- commons-io:commons-io:jar:2.15.1:compile
[INFO] |  |  \- org.apache.commons:commons-collections4:jar:4.4:compile
[INFO] |  +- org.danekja:jdk-serializable-functional:jar:1.9.0:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.14.3:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.14.3:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-core:jar:2.14.3:compile

And then release a 9.1.0 version of the wicket-9 branch?

[xthiba]

@erik-meuwese-topicus in the meantime you can upgrade the mentioned dependencies for youself by adding the appropriate versions to your own pom.

the wicket-core dependecy you really should have in your own dependencies anyway.