Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Jackson dependency to 2.12.6 (from 2.10 and others) #1680

Closed
tatu-at-datastax opened this issue Mar 7, 2022 · 0 comments
Closed

Update Jackson dependency to 2.12.6 (from 2.10 and others) #1680

tatu-at-datastax opened this issue Mar 7, 2022 · 0 comments
Assignees
@tatu-at-datastax
Labels
dependencies Pull requests that update a dependency file

Comments

@tatu-at-datastax
Copy link
Collaborator

Based on latest reports from Snyk, it looks like we should unify and upgrade dependencies to Jackson versions.
The main version Stargate components like restapi seems to use is 2.10.5 which is ok (as long as it's beyond 2.9 we won't get tons of CVEs), but based on my work on StargateV2 we should have no problem upgrading to the latest 2.12 patch. And while we could go all the way 2.13.2 (released yesterday) it seems safer to go with something that has been around for a while and has no known vulnerabilities. Hence 2.12.6.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatu-at-datastax tatu-at-datastax

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

(WIP) Alternative Jackson 2.12.6 upgrade PR stargate/stargate
1 participant
@tatu-at-datastax