[Aikido] Fix critical issue in hibernate-core via major version upgrade from 3.6.10 to 5.1.17

[aikido-autofix]

$TASK_REF

Upgrade Hibernate Core to mitigate critical XXE vulnerability enabling potential remote code execution and XML external entity attacks.

✅ Code not affected by breaking changes.

No breaking changes from the dom4j upgrade affect this codebase directly. The codebase does not contain any direct imports or usage of dom4j classes - it's only used internally by Hibernate 3.6.10.Final as a transitive dependency.

While the changelog mentions that dom4j 2.0.0 requires Java 5+ (previously supported earlier versions), this project already targets Java 8, so this requirement is satisfied.

Note: Although this analysis shows low risk for direct code impact, upgrading dom4j independently from Hibernate could potentially cause runtime issues with Hibernate's internal XML parsing. It's recommended to test thoroughly or consider upgrading Hibernate to a version that officially supports dom4j 2.x.

✅ 1 CVE resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue	Severity	Description
CVE-2020-10683	🚨 CRITICAL	[hibernate-core] dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.