Bump jackson → 2.21/2.21.2, snakeyaml → 2.6, commons-lang3 → 3.20.0, msf4j → 2.8.14-SNAPSHOT

[gayaldassanayake]

NOTE - Bump msf4j version after msf4j release

Summary

• jackson-annotations: 2.18.6 → 2.21 (split into dedicated property; 2.21.2 does not exist for annotations artifact)
• jackson-core / jackson-databind / jackson-datatype-joda / jackson-jaxrs-json-provider: 2.18.6 → 2.21.2 (fixes CVE-2025-52999 & GHSA-72hv)
• snakeyaml: 2.2 → 2.6 (bundle version: 2.2.0 → 2.6.0)
• commons-lang3: 3.17.0 → 3.20.0 (fixes CVE-2025-48924, fixed in 3.18.0)
• msf4j: 2.8.7 → 2.8.14-SNAPSHOT

Part of the SI 4.3.2 release dependency bump cycle.

Test plan

• mvn clean install -DskipTests passes with Java 11 (all 30 modules SUCCESS)
• OSGi integration tests pass in CI

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3c4fbede-9d96-4577-a531-526712649f06

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}