Qihoo360 / Quicksql

A Flexible, Fast, Federated(3F) SQL Analysis Middleware for Multiple Data Sources
https://quicksql.readthedocs.io
MIT License
2.06k stars 583 forks source link

fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.12.6.1 #287

Open lxxawfl opened 2 years ago

lxxawfl commented 2 years ago

What happened?

There are 1 security vulnerabilities found in com.fasterxml.jackson.core:jackson-databind 2.6.5

What did I do?

Upgrade com.fasterxml.jackson.core:jackson-databind from 2.6.5 to 2.12.6.1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile failed locally, couldn't complete the build process. Run mvn clean test failed locally, unit-test couldn't pass.

The specification of the pull request

PR Specification from OSCS