poovamraj
commented
2 years ago We need to bump java-jwt as well. I will create a PR for it once it is released.
Closed evansims closed 2 years ago
poovamraj
commented
2 years ago We need to bump java-jwt as well. I will create a PR for it once it is released.
This PR bumps the
jackson-databinddependency to 2.13.2.1 to address CVE-2020-36518 in that library~~Re: https://togithub.com/FasterXML/jackson-databind/issues/3428 Build is currently failing due to an upstream issue; holding until resolved.~~
A package fix was released as 2.13.2.2. I've updated the PR and marked as ready for review.