Bump Jackson from 2.14.2 to 2.15.0+ in OpenSearch 1.3.x

[ssu2-atl]

Describe the bug

1.3.x is currently using Jackson 2.14.2. Jackson 2.14.2 is affected by https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538.
Bumping to 2.15.0+ would help with addressing issues raised by security scanners that consider OpenSearch 1.3.x as affected.

Related component

Libraries

To Reproduce

Check Jackson version on the latest 1.3 branch.

Expected behavior

1.3.x is using Jackson 2.15.0+

Additional Details

Additional context
#7286 (which bumps Jackson to 2.15.0) has been merged to future releases

Questions

Is OpenSearch 1.3.x affected by this VULN (https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)?

[ssu2-atl]

Tried backporting the PR but experienced issues with gradle, as Jackson 2.15 is a multi-release jar and the gradle version (6.6.1 on OS 1.3) doesn't handle that
#16032 (comment)

[ssu2-atl]

Tried backporting the PR but experienced issues with gradle, as Jackson 2.15 is a multi-release jar and the gradle version (6.6.1 on OS 1.3) doesn't handle that #16032 (comment)

Gradle 7.6.4 handles multi-release jars, however #1657 (comment) notes that:

As per discussion opensearch-project/opensearch-build#1247, the decision was taken to keep 1.x on Gradle 6.x in order to not disrupt the plugin developers.

[peternied]

@ssu2-atl Thanks for creating this - we are looking into this issue

[ssu2-atl]

@peternied any updates 😄 I think 1.3.20 is still using jackson 2.14.2

[peternied]

@sandeshkr419 Could you provide more details for @ssu2-atl ?