diff options
author | David Pursehouse <dpursehouse@collab.net> | 2019-10-31 08:36:34 +0900 |
---|---|---|
committer | David Pursehouse <dpursehouse@collab.net> | 2019-10-31 09:36:28 +0900 |
commit | b81fc0757495a99da94d677a3dd889f36b503307 (patch) | |
tree | 972e211b97e784c5bd7b98adbcb443ac5e5bb9dd | |
parent | 02e1b23b284d863de6eae18c417d9dba24cd9ada (diff) |
Upgrade jackson-core to 2.10.0
Includes a fix for CVE-2019-12384 [1] that affects versions prior
to 2.9.9.1.
Note that so far we only use Jackson in the Elasticsearch integration
and we have a pending investigation of whether it's possible to remove
this dependency [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2019-12384
[2] https://bugs.chromium.org/p/gerrit/issues/detail?id=11641
Change-Id: I3fa5993ab2d010c0a4b5a249112678a6318e9852
-rw-r--r-- | WORKSPACE | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -924,8 +924,8 @@ maven_jar( maven_jar( name = "jackson-core", - artifact = "com.fasterxml.jackson.core:jackson-core:2.9.8", - sha1 = "0f5a654e4675769c716e5b387830d19b501ca191", + artifact = "com.fasterxml.jackson.core:jackson-core:2.10.0", + sha1 = "4e2c5fa04648ec9772c63e2101c53af6504e624e", ) TESTCONTAINERS_VERSION = "1.12.3" |