You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 18, 2024. It is now read-only.
Currently, the Jackson version bundled with jersey is vulnerable to Sonatype-2022-6438. See FasterXML/jackson-core#861 (Jackson is a transitive dependency)
This is currently under discussion here eclipse-ee4j/jersey#5283 but it is unclear when that will be resolved
Sadly, due to this vulnerability , we cannot use prettier-plugin-apex in our environment because this dependency is pulling Jackson 2.14.1
Would you be open to temporarily overwrite the version of Jackson?
We should be able to exclude it from jetty and define Jackson 2.15 explicitly
Hello! Yes I'd welcome PR to fix this. Please understand that if the transitive dependency explicit version does not work with all the tests on the Prettier Apex side (because it looks like jersey itself has some issue upgrading to the new version), then I won't be able to merge them.
Hello! Yes I'd welcome PR to fix this. Please understand that if the transitive dependency explicit version does not work with all the tests on the Prettier Apex side (because it looks like jersey itself has some issue upgrading to the new version), then I won't be able to merge them.
Currently, the Jackson version bundled with jersey is vulnerable to Sonatype-2022-6438. See FasterXML/jackson-core#861 (Jackson is a transitive dependency)
This is currently under discussion here eclipse-ee4j/jersey#5283 but it is unclear when that will be resolved
Sadly, due to this vulnerability , we cannot use prettier-plugin-apex in our environment because this dependency is pulling Jackson
2.14.1
Would you be open to temporarily overwrite the version of Jackson?
We should be able to exclude it from jetty and define Jackson 2.15 explicitly
https://github.com/dangmai/apex-ast-serializer/blob/master/build.gradle#L117
Current dependency tree:
We can volunteer and send a pull request with that change if accepted
The text was updated successfully, but these errors were encountered: