embulk/embulk-input-jdbc

Security update of jackson-databind library of embulk-input-postgresql to 2.13


If we check https://github.com/embulk/embulk-input-jdbc/blob/master/embulk-input-postgresql/gradle/dependency-locks/compileClasspath.lockfile, we can see that jackson-databind is at version 2.6.7, but this version has some security vulnerabilities and needs to be upgraded:
CWE-502: Deserialization of Untrusted Data
CWE-184: Incomplete List of Disallowed Inputs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
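
One way to automate the lockfile check described in the issue, as an added example that is not part of the original issue or of the embulk project. The sample lockfile is constructed (only the jackson-databind 2.6.7 entry comes from the issue), the minimum version 2.13 is taken from the issue title, and the function names are hypothetical.

```python
import re

# Constructed sample; only the jackson-databind 2.6.7 entry is from the issue.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
com.fasterxml.jackson.core:jackson-annotations:2.6.7
com.fasterxml.jackson.core:jackson-databind:2.6.7
org.example:placeholder-lib:1.0.0=compileClasspath,runtimeClasspath
empty=
"""


def parse_lockfile(text):
    """Return {(group, artifact): version} from Gradle lockfile text."""
    locked = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The single-file lockfile layout appends "=<configurations>".
        coords = line.split("=", 1)[0]
        parts = coords.split(":")
        if len(parts) != 3:  # skips the "empty=" marker and malformed lines
            continue
        group, artifact, version = parts
        locked[(group, artifact)] = version
    return locked


def version_key(version, width=4):
    """Numeric sort key so that 2.6.7 < 2.6.7.1 < 2.13 (plain string
    comparison would rank 2.13 below 2.6.7). Qualifiers such as -rc1 are
    ignored, so a pre-release compares equal to its release."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0] * width)[:width])


def below_minimum(text, group, artifact, minimum):
    """Return the locked version if it is older than `minimum`; return None
    if it meets the minimum or the dependency is not locked in this file."""
    version = parse_lockfile(text).get((group, artifact))
    if version is None or version_key(version) >= version_key(minimum):
        return None
    return version


if __name__ == "__main__":
    hit = below_minimum(SAMPLE_LOCKFILE, "com.fasterxml.jackson.core",
                        "jackson-databind", "2.13")
    print("jackson-databind needs upgrade from:", hit)
```

Run against each `gradle/dependency-locks/*.lockfile` in CI, a non-`None` result can fail the build until the lock is regenerated with the newer version.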