fix: fixed critical vuln

pom.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <groupId>io.snyk.plugins</groupId>
@@ -108,10 +109,17 @@
 
   <dependencyManagement>
     <dependencies>
+      <!-- Override the logback-classic version introduced by artifactory-papi -->
       <dependency>
         <groupId>org.artifactory</groupId>
         <artifactId>artifactory-papi</artifactId>
         <version>${version.artifactory.api}</version>
+        <exclusions>
+          <exclusion>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>com.google.code.findbugs</groupId>
@@ -138,6 +146,12 @@
         <artifactId>jackson-annotations</artifactId>
         <version>${jackson-annotations.version}</version>
       </dependency>
+      <!-- Add a safe version of logback-classic as an override -->
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>1.2.0</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -153,4 +167,4 @@
       <url>https://releases.jfrog.io/artifactory/jcenter/</url>
     </repository>
   </repositories>
-</project>
+</project>