I am using RestTemplate.exchange to get data from a URI. I have no control over how the JSON is returned, and for unknown reasons it happens to be line-delimited JSON (also called JSON Lines, dljson, JSONL):
    {}\n
    {}\n
    {}
This is using Spring Boot version 2.1.6. Updating might become an option, but not soon. I have a method that parses it very nicely into a list of objects:
    // dataFile holds the URI of the line-delimited JSON resource
    String dataFile = response.getData().getDataFile();
    RestTemplate restTemplate = new RestTemplate();
    // Also treat application/octet-stream as JSON, since the server may not label the body as JSON
    MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();
    mappingJackson2HttpMessageConverter.setSupportedMediaTypes(Arrays.asList(MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM));
    restTemplate.getMessageConverters().add(mappingJackson2HttpMessageConverter);
    // Fetch the whole body as one String
    ResponseEntity<String> responseEntity = restTemplate.exchange(new URI(dataFile), HttpMethod.GET, new HttpEntity<>(new HttpHeaders()), String.class);
    ObjectMapper mapper = new ObjectMapper();
    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);
    // readValues() walks the concatenated JSON objects one at a time;
    // Coverity treats responseEntity.getBody() as the tainted source and this call as the sink
    MappingIterator<TheDataObject> jrParser = mapper.readerFor(TheDataObject.class).readValues(responseEntity.getBody());
    ArrayList<TheDataObject> theList = new ArrayList<>();
    while (jrParser.hasNextValue()) {
        theList.add(jrParser.nextValue());
    }
    return theList;
I would leave it at this, but Coverity condemns the use of the String class in ResponseEntity<String>, stating that trusting such a string allows for an attack vector.
How do I set the ObjectMapper to do what it's doing before the exchange call?
Addition: Here's everything Coverity says about it:
    1. tainted_source: org.springframework.http.HttpEntity.getBody() returns data from a network socket.
    CID #: Unsafe deserialization (UNSAFE_DESERIALIZATION)
    2. sink: A tainted value (java.lang.String) responseEntity.getBody() is deserialized. This may allow an attacker to bypass security checks or execute arbitrary code.
    If possible, use pure data formats such as JSON or XML to serialize and deserialize untrusted data. Otherwise, if you must use native serialization methods, check the integrity of the data (for example with HMAC) before deserializing it.
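One way to feed the JSON Lines body straight into Jackson without ever holding it as a String, as an added example that is not part of the question: RestTemplate.execute hands the raw ClientHttpResponse to a ResponseExtractor, so the stream goes directly into a MappingIterator. It assumes the TheDataObject class and the dataFile URI from the question, and the class name JsonLinesClient is made up here.

```java
import java.io.InputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.client.ResponseExtractor;
import org.springframework.web.client.RestTemplate;

public class JsonLinesClient {

    // Same strictness as in the question: unknown fields are rejected.
    // Default typing stays off, so the payload cannot name classes to instantiate;
    // Jackson only binds plain JSON values onto the fields of the target type.
    private static final ObjectMapper MAPPER = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);

    // Builds an extractor that reads one JSON object per line from the
    // response InputStream into a typed list. The body is consumed as a
    // stream and never materialised as a single String in application code.
    static <T> ResponseExtractor<List<T>> jsonLines(Class<T> type) {
        return (ClientHttpResponse response) -> {
            ObjectReader reader = MAPPER.readerFor(type);
            List<T> result = new ArrayList<>();
            try (InputStream body = response.getBody();
                 MappingIterator<T> it = reader.readValues(body)) {
                while (it.hasNextValue()) {
                    result.add(it.nextValue());
                }
            }
            return result;
        };
    }

    // Replacement for the exchange(...) call in the question: no message
    // converter is involved, so no ResponseEntity<String> is created.
    public static List<TheDataObject> fetch(RestTemplate restTemplate, String dataFile) {
        return restTemplate.execute(URI.create(dataFile), HttpMethod.GET, null,
                jsonLines(TheDataObject.class));
    }
}
```

Because the extractor closes the MappingIterator and the body stream, a malformed line surfaces as a JsonProcessingException from readValues/nextValue rather than a half-read body left open.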