Skip to content

Commit

Permalink
3.x: Upgrade jackson to 2.18.1 (#9481)
Browse files Browse the repository at this point in the history
* Update Jackson to 2.18.1
* Update dep check suppression for jackson and graalvm
  • Loading branch information
barchetta authored Nov 8, 2024
1 parent 4899076 commit 9eb2e2e
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 14 deletions.
2 changes: 1 addition & 1 deletion dependencies/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@
<version.lib.hibernate-validator>7.0.5.Final</version.lib.hibernate-validator>
<version.lib.hikaricp>5.0.1</version.lib.hikaricp>
<version.lib.hystrix>1.5.18</version.lib.hystrix>
<version.lib.jackson>2.15.2</version.lib.jackson>
<version.lib.jackson>2.18.1</version.lib.jackson>
<version.lib.jakarta.activation-api>2.0.1</version.lib.jakarta.activation-api>
<version.lib.jakarta.annotation-api>2.0.0</version.lib.jakarta.annotation-api>
<version.lib.jakarta.cdi-api>3.0.0</version.lib.jakarta.cdi-api>
Expand Down
24 changes: 11 additions & 13 deletions etc/dependency-check-suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -166,23 +166,21 @@ https://github.com/jeremylong/DependencyCheck/issues/7019
<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
<vulnerabilityName>CVE-2024-21211</vulnerabilityName>
</suppress>


<!--
This CVE is being disputed by the Jackson project and the community seems in agreement that this
CVE should be rejected. We are suppressing this for now to reduce noise in our scan and will
continue to monitor progress.
https://nvd.nist.gov/vuln/detail/CVE-2023-35116
https://github.com/FasterXML/jackson-databind/issues/3972
-->
<suppress>
<notes><![CDATA[
file name: jackson-databind-2.15.2.jar
file name: graal-sdk-22.3.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
<vulnerabilityName>CVE-2023-22045</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: graal-sdk-22.3.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal-sdk@.*$</packageUrl>
<vulnerabilityName>CVE-2024-21094</vulnerabilityName>
</suppress>


<!--
This CVE is is concerning proper use of Netty's hostname verification. Helidon enables hostname
Expand Down

0 comments on commit 9eb2e2e

Please sign in to comment.