fix: Pull Jackson update to avoid DoS issue #1967

elevenfive · 2024-07-26T16:49:25Z

Reported by Snyk: Denial of Service (DoS) [High Severity]

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
Ensure the tests and linter pass
Code coverage does not decrease (if any source code was changed)
Appropriate docs were updated (if necessary)

Fixes #1966 ☕️

If you write sample code, please follow the samples format.

- com.fasterxml.jackson.core:jackson-core 2.14.2 -> 2.17.2 - FasterXML/jackson-core#861 - Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538] in com.fasterxml.jackson.core:[email protected] introduced by com.google.http-client:[email protected] > com.fasterxml.jackson.core:[email protected] This issue was fixed in versions: 2.15.0-rc1

elevenfive requested a review from a team as a code owner July 26, 2024 16:49

product-auto-label bot added the size: xs Pull request size is extra small. label Jul 26, 2024

elevenfive force-pushed the jackson-2.17.2 branch 2 times, most recently from 685b152 to 0e2f45a Compare July 26, 2024 17:00

elevenfive force-pushed the jackson-2.17.2 branch from 0e2f45a to 2e920df Compare July 26, 2024 17:02

elevenfive changed the title ~~Pull Jackson update to avoid DoS issue~~ fix: Pull Jackson update to avoid DoS issue Jul 26, 2024

Provide feedback