Known security vulnerabilities detected in third-party library

Question

draeger opened this issue 3 years ago · 3 comments

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8

Answer 1 · 2022-05-03T16:41:56.000Z

As far as I can tell, we are currently using version 2.10.1 see here.

However, our THIRD-PARTY.txt is not quite up to date.

It seems this was created by the License Maven Plugin at some point.

Since we are no longer using Maven, we could use a Gradle plugin instead, I have opened a PR to this effect.

Answer 2 · 2022-05-10T07:59:18.000Z

I am retagging the issue to reflect what transpired to be the issue.

Also, this was already dealt with in the 2.1 branch - so I have added it to the project and moved to Needs Testing

Answer 3 · 2022-06-28T15:41:14.000Z

has been merged