
Bump up Scalatra version to pull latest dependencies


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: 1.7
    • Component/s: None
    • Labels: None

    Description

      Scalatra 2.5.0 pulls in outdated libraries, namely log4j:log4j:1.2.14, which has a known security concern:

      "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Users are advised to migrate to `org.apache.logging.log4j:log4j-core` remediation: No fix is known for this vulnerability"

      The latest Scalatra version, 2.7.1, no longer depends on this vulnerable library.
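A check that the version bump actually removed the transitive log4j 1.2 dependency, as an added example that is not part of this ticket or the Samza build: it walks `gradle dependencies` style output and reports the path by which any log4j:log4j:1.2.x artifact reaches the classpath. The two dependency trees and the Scalatra artifact coordinates below are constructed sample input, not real Samza output.

```python
import re

# Constructed sample of `gradle dependencies` output before the bump:
# Scalatra 2.5.0 pulling in log4j 1.2.14 transitively, as the ticket describes.
BEFORE = r"""
compileClasspath - Compile classpath for source set 'main'.
+--- org.scalatra:scalatra_2.12:2.5.0
|    +--- org.scalatra:scalatra-common_2.12:2.5.0
|    \--- log4j:log4j:1.2.14
\--- org.slf4j:slf4j-api:1.7.30
"""

# Constructed sample after bumping Scalatra to 2.7.1: no log4j 1.2 node remains.
AFTER = r"""
compileClasspath - Compile classpath for source set 'main'.
+--- org.scalatra:scalatra_2.12:2.7.1
|    \--- org.scalatra:scalatra-common_2.12:2.7.1
\--- org.slf4j:slf4j-api:1.7.30
"""


def parse_tree(text):
    """Yield (depth, resolved coordinate) for each node line of a Gradle tree."""
    for line in text.splitlines():
        idx = line.find("--- ")
        if idx < 0:
            continue  # header, blank or footer line, not a dependency node
        depth = idx // 5  # each nesting level adds a 5-char "|    " prefix
        # Drop Gradle's trailing markers: (*) already seen, (c) constraint, (n) not resolved
        rest = re.sub(r"\s+\([*cn]\)$", "", line[idx + 4:].strip())
        if " -> " in rest:  # conflict resolution: use the version Gradle actually picked
            declared, resolved = rest.split(" -> ", 1)
            if ":" not in resolved:  # bare version, keep group:artifact from the left side
                resolved = ":".join(declared.split(":")[:2] + [resolved])
            rest = resolved
        yield depth, rest


def find_paths(text, pattern=r"^log4j:log4j:1\.2\."):
    """Return 'root > ... > match' paths for every node whose coordinate matches."""
    matcher = re.compile(pattern)
    stack, hits = [], []
    for depth, coord in parse_tree(text):
        del stack[depth:]  # unwind to the parent of this node
        stack.append(coord)
        if matcher.search(coord):
            hits.append(" > ".join(stack))
    return hits


if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, find_paths(tree) or "no log4j 1.2.x on the classpath")
```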

      People

        Assignee: Daniel Chen (dchen)
        Reporter: Daniel Chen (dchen)

      Time Tracking

        Original Estimate: Not Specified
        Remaining Estimate: 0h
        Time Spent: 0.5h