Upgrade to official Jackson fix for preventing a DoS attack

dropwizard-bom/pom.xml

@@ -21,7 +21,7 @@
         <dropwizard.version>${project.version}</dropwizard.version>
         <guava.version>24.1.1-jre</guava.version>
         <jersey.version>2.25.1</jersey.version>
-        <jackson.version>2.9.6</jackson.version>
+        <jackson.version>2.9.8</jackson.version>
         <jetty.version>9.4.11.v20180605</jetty.version>
         <servlet.version>3.0.0.v201112011016</servlet.version>
         <metrics4.version>4.0.2</metrics4.version>

dropwizard-configuration/src/test/java/io/dropwizard/configuration/YamlConfigurationFactoryTest.java

@@ -30,12 +30,6 @@ public void printsDetailedInformationOnMalformedContent() throws Exception {
             .hasMessageContaining(String.format(
                 "%s has an error:%n" +
                 "  * Malformed YAML at line: 3, column: 22; while parsing a flow sequence\n" +
-                " in 'reader', line 2, column 7:\n" +
-                "    type: [ coder,wizard\n" +
-                "          ^\n" +
-                "expected ',' or ']', but got StreamEnd\n" +
-                " in 'reader', line 2, column 21:\n" +
-                "    wizard\n" +
-                "          ^", malformedAdvancedFile.getName()));
+                " in 'reader'", malformedAdvancedFile.getName()));
     }
 }

dropwizard-jackson/src/main/java/io/dropwizard/jackson/Jackson.java

@@ -64,7 +64,6 @@ private static ObjectMapper configure(ObjectMapper mapper) {
         mapper.setPropertyNamingStrategy(new AnnotationSensitivePropertyNamingStrategy());
         mapper.setSubtypeResolver(new DiscoverableSubtypeResolver());
 
-        mapper.registerModule(new SafeJavaTimeModule());
         return mapper;
     }
 }

dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToDurationTest.java

@@ -16,10 +16,9 @@ public class JacksonDeserializationOfBigNumbersToDurationTest {
     private final ObjectMapper objectMapper = Jackson.newObjectMapper();
 
     @Test(timeout = 5000)
-    public void testDoesNotAttemptToDeserializeExtremelyBigNumbers() {
-        assertThatExceptionOfType(JsonMappingException.class).isThrownBy(
-            () -> objectMapper.readValue("{\"id\": 42, \"duration\": 1e1000000000}", Task.class))
-            .withMessageStartingWith("Value is out of range of Duration");
+    public void testDoesNotAttemptToDeserializeExtremelyBigNumbers() throws Exception {
+        Task task = objectMapper.readValue("{\"id\": 42, \"duration\": 1e1000000000}", Task.class);
+        assertThat(task.getDuration()).isEqualTo(Duration.ofSeconds(0));
     }
 
     @Test

dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToInstantTest.java

@@ -16,10 +16,9 @@ public class JacksonDeserializationOfBigNumbersToInstantTest {
     private final ObjectMapper objectMapper = Jackson.newObjectMapper();
 
     @Test(timeout = 5000)
-    public void testDoesNotAttemptToDeserializeExtremelBigNumbers() {
-        assertThatExceptionOfType(JsonMappingException.class).isThrownBy(
-            () -> objectMapper.readValue("{\"id\": 42, \"createdAt\": 1e1000000000}", Event.class))
-            .withMessageStartingWith("Value is out of range of Instant");
+    public void testDoesNotAttemptToDeserializeExtremelBigNumbers() throws Exception {
+        Event event = objectMapper.readValue("{\"id\": 42, \"createdAt\": 1e1000000000}", Event.class);
+        assertThat(event.getCreatedAt()).isEqualTo(Instant.ofEpochMilli(0));
     }
 
     @Test