Use constant for Jackson version

project/Dependencies.scala

@@ -24,6 +24,10 @@ object Dependencies {
 
   val JwtCoreVersion = "3.0.1"
 
+  // Releases https://github.com/FasterXML/jackson-databind/releases
+  // CVE issues https://github.com/FasterXML/jackson-databind/issues?utf8=%E2%9C%93&q=+label%3ACVE
+  val JacksonDatabindVersion = "2.9.9"
+
   // Allows to silence scalac compilation warnings selectively by code block or file path
   // This is only compile time dependency, therefore it does not affect the generated bytecode
   // https://github.com/ghik/silencer
@@ -57,8 +61,8 @@ object Dependencies {
   val AwsLambda = Seq(
     libraryDependencies ++= Seq(
         "software.amazon.awssdk" % "lambda" % AwsSdk2Version, // ApacheV2
-        // overriding AWS SDK version to avoid https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
-        "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9",
+        // overriding AWS SDK version to avoid security issues
+        "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion,
         "org.mockito" % "mockito-core" % mockitoVersion % Test // MIT
       )
   )
@@ -129,7 +133,7 @@ object Dependencies {
     libraryDependencies ++= Seq(
         "org.elasticsearch.client" % "elasticsearch-rest-client" % "6.3.1", // ApacheV2
         "io.spray" %% "spray-json" % "1.3.5", // ApacheV2
-        "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9", // ApacheV2
+        "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion, // ApacheV2
         "org.codelibs" % "elasticsearch-cluster-runner" % "6.3.1.0" % Test, // ApacheV2
         "org.slf4j" % "jcl-over-slf4j" % "1.7.25" % Test
       )
@@ -170,7 +174,7 @@ object Dependencies {
         Seq(
           "com.chuusai" %% "shapeless" % "2.3.3",
           // overriding version from geode to avoid some security vulnerabilities
-          "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9",
+          "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion,
           "org.slf4j" % "log4j-over-slf4j" % slf4jVersion % Test // MIT like: http://www.slf4j.org/license.html
         )
     )
@@ -269,7 +273,7 @@ object Dependencies {
         "com.github.jsurfer" % "jsurfer" % "1.4.3", // MIT,
         "com.github.jsurfer" % "jsurfer-jackson" % "1.4.3", // MIT
         // overriding version from jsurfer-jackson to avoid some security vulnerabilities
-        "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9"
+        "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion
       )
   )
 
@@ -368,8 +372,8 @@ object Dependencies {
           ExclusionRule("software.amazon.awssdk", "apache-client"),
           ExclusionRule("software.amazon.awssdk", "netty-nio-client")
         ),
-        // overriding AWS SDK version to avoid https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
-        "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9",
+        // overriding AWS SDK version to avoid security issues
+        "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion,
         "com.typesafe.akka" %% "akka-http" % AkkaHttpVersion, // ApacheV2
         "org.mockito" % "mockito-core" % mockitoVersion % Test // MIT
       )
@@ -401,8 +405,8 @@ object Dependencies {
           ExclusionRule("software.amazon.awssdk", "apache-client"),
           ExclusionRule("software.amazon.awssdk", "netty-nio-client")
         ),
-        // overriding AWS SDK version to avoid https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
-        "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9",
+        // overriding AWS SDK version to avoid security issues
+        "com.fasterxml.jackson.core" % "jackson-databind" % JacksonDatabindVersion,
         "com.typesafe.akka" %% "akka-http" % AkkaHttpVersion, // ApacheV2
         "org.mockito" % "mockito-core" % mockitoVersion % Test, // MIT
         "org.mockito" % "mockito-inline" % mockitoVersion % Test // MIT