Manage three last libraries in dx-core CVE report

commons-collections-3.1.jar

• via org.apache:jackrabbit-ocm:jar:2.0.0 (not maintained)
• check if any transitive commons-collections >= 3.2.2 drag in, otherwise manage the version in boms & sync with jackrabbit
  • other jackrabbit libs bring 3.2.2 => exclude from ocm to make sure we don't conflict
• re-check workflow functional

slf4j-ext-1.7.25

• exclude in org.testcontainers:testcontainers
• manage in pom, sync the version with current/other slf4j libs (1.7.30)

groovy-all-2.2.1.jar

• manage in boms, same version with groovy group
• upgrade in magnolia-dx-core-integration-tests

postgresql-42.1.4.jre7.jar: notified cloud teams.