Upgrade AWS SDK v2 to 2.30 and other dependencies to fix high CVEs

[ezhang6811]

Issue #, if available:

Description of changes:
The daily scan workflow detected several CVEs. This PR upgrades the offending dependencies to resolve them.

Dependency upgrades

• Jackson BOM 2.12.0 → 2.18.6
  • Fixes Trivy HIGH: CVE-2025-52999, GHSA-72hv-8253-57qq
  • Fixes DC: CVE-2020-36518, CVE-2022-42003, CVE-2022-42004, CVE-2020-25649, CVE-2021-46877, CVE-2025-49128
• AWS SDK v2 2.15.20 → 2.30.31
  • Eliminates all Trivy HIGH jackson findings from AWS SDK v2 transitive POMs (auth, aws-core, regions, sdk-core). AWS SDK v2 2.17+ internalized jackson, so it no longer contributes external jackson dependencies.
  • Added explicit jackson-core/jackson-databind dependencies to the v2 module since they're no longer provided transitively.
• Spring 5.3.18 → 5.3.39 (
  • Fixes DC: CVE-2024-22259, CVE-2023-20860, CVE-2023-20863, CVE-2023-20861, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970, CVE-2024-38808
  • 5.3.39 is the last public OSS release. Post-EOL CVEs (CVE-2025-41249, CVE-2025-41242, CVE-2024-38820, CVE-2025-22233) remain open — no public fix available and the SDK targets Java 8 (can't move to Spring 6.x).

Verification

Trivy HIGH scan verified locally: published to Maven local, extracted JARs, ran trivy fs with the trivyignore file. 0 high findings.
Modified an SQS test to match the JSON protocol expected by the MessageMD5ChecksumInterceptorin the mock response.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.