MLE-29880 and MLE-29897 Update dependencies to address security vulnerabilities

[rjdew-progress]

This pull request updates the version of the jackson-dataformat-csv dependency listed in the NOTICE.txt file to reflect the use of version 2.21.3 instead of 2.20.2.

Dependency version update:

• Updated Kafka version to 4.3.0
• Updated jackson-dataformat-csv from version 2.20.2 to 2.21.3 in the NOTICE.txt file to ensure accurate documentation of third-party dependencies. [1] [2]

[Copilot]

Pull request overview

Updates dependency versions in the Gradle build (and aligns third-party notices) to address reported security vulnerabilities in the Kafka MarkLogic connector project.

Changes:

• Bumped Kafka dependency version (kafkaVersion) from 4.1.1 to 4.3.0.
• Bumped jackson-dataformat-csv from 2.20.x to 2.21.3 in build.gradle.
• Updated NOTICE.txt to list jackson-dataformat-csv as 2.21.3.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File	Description
NOTICE.txt	Updates the documented third-party dependency version for jackson-dataformat-csv to 2.21.3.
build.gradle	Updates Kafka version to 4.3.0 and jackson-dataformat-csv to 2.21.3.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[rjrudin]

I wouldn't update this file, it's all going to get changed when it's generated via Black Duck.

[rjdew-progress]

Okay. I've reverted it.

[rjrudin]

One thing I try to do with Jackson is ensure everyone's on the same version of it. That may be more difficult here because the connector depends on DH, but it's worth considering a top-level constraint on Jackson to ensure any dependency in this package is on 2.21.3.

[rjrudin]

I wouldn't update this file, it's all going to get changed when it's generated via Black Duck.