Upgrade jackson databind to address known issues
eoliphan opened this issue · 1 comment
eoliphan commented
Upcoming End-of-Support
- I acknowledge the upcoming end-of-support for AWS SDK for Java v1 was announced, and migration to AWS SDK for Java v2 is recommended.
Describe the bug
The current jackson version has some known issues that are addressed as of the latest releases
Expected Behavior
Transitive deps shouldn't have issues
Current Behavior
SCA scans flag some known issues.
Reproduction Steps
Perform an SCA scan
Possible Solution
Upgrade jackson
Additional Information/Context
It may be useful to integrate GH Actions, Maven plugins, etc. that automate SCA scans
AWS Java SDK version used
1.12.741
JDK version used
openjdk version "1.8.0_402" OpenJDK Runtime Environment Corretto-8.402.06.1 (build 1.8.0_402-b06) OpenJDK 64-Bit Server VM Corretto-8.402.06.1 (build 25.402-b06, mixed mode)
Operating System and version
AWS linux 2
debora-ito commented
@eoliphan do you have a report of the known issues? Is any issue security-related?
For context, Java SDK v1 cannot upgrade away from jackson databind 2.17.7.x; it can introduce some breaking changes.