[BUILD] Bump fasterxml.jackson from 2.9.10 to 2.10.0

Qihoo360 / XSQL

Unified SQL Analytics Engine Based on SparkSQL

https://qihoo360.github.io/XSQL/

Apache License 2.0

209 stars 62 forks source link

[BUILD] Bump fasterxml.jackson from 2.9.10 to 2.10.0 #63

Closed beliefer closed 4 years ago

beliefer commented 4 years ago

What changes were proposed in this pull request?

The current code uses com.fasterxml.jackson.core:jackson-databind:jar:2.9.10 and it will cause a security vulnerabilities. We referenced https://github.com/advisories/GHSA-mx7p-6679-8g3q This Alert remind to upgrate the version of jackson-databind to 2.9.10.1 or later. I referenced Spark 3.0.0 contains jackson-databind:jar:2.10.0.

How was this patch tested?

No UT now.

wenfang6 commented 4 years ago

LGTM

wenfang6 commented 4 years ago

Thanks! Merged to master and branch-0.6