fix: enforce stream read/write constraints to prevent excessive nesting

Author: daniel-kmiecik

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/ObjectMapperFactory.java

@@ -3,7 +3,9 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonFactoryBuilder;
+import com.fasterxml.jackson.core.StreamReadConstraints;
 import com.fasterxml.jackson.core.StreamReadFeature;
+import com.fasterxml.jackson.core.StreamWriteConstraints;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
@@ -36,6 +38,14 @@ private static ObjectMapper create(JsonFactory jsonFactory, boolean includePathD
         mapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
         mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
 
+        // Configure stream constraints for deep nesting
+        mapper.getFactory().setStreamReadConstraints(
+            StreamReadConstraints.builder().maxNestingDepth(5000).build()
+        );
+        mapper.getFactory().setStreamWriteConstraints(
+            StreamWriteConstraints.builder().maxNestingDepth(5000).build()
+        );
+
         return mapper;
     }