feat(druid): update advisory for GHSA-h46c-h94j-95f3 (#20789)

* feat(druid): update advisory for GHSA-h46c-h94j-95f3

Signed-off-by: Francesco Bartolini <[email protected]>

* fix: typo

Signed-off-by: Francesco Bartolini <[email protected]>

---------

Signed-off-by: Francesco Bartolini <[email protected]>

Author: efbar

druid.advisories.yaml

@@ -1115,6 +1115,10 @@ advisories:
             componentType: java-archive
             componentLocation: /usr/share/java/druid/extensions/druid-deltalake-extensions/hadoop-client-runtime-3.3.4.jar
             scanner: grype
+      - timestamp: 2025-07-02T10:09:06Z
+        type: pending-upstream-fix
+        data:
+          note: 'Jackson-core is pinned at 2.12.7 for this Druid tagged version: https://github.com/apache/druid/blob/druid-33.0.0/licenses.yaml#L226. We need to wait for upstream to bump it in order to fix this vulnerability.'
 
   - id: CGA-w2gp-wc62-wqxq
     aliases: