The wildcard pattern matches the jackson-jr-objects library used by braintree_java. I'm not sure if it's meant to be included and, if it is, I don't think there's any security issue with the usage of the older version as braintree_java only deserializes via JSON.std.mapFrom(...), but would be nice to have this closed out anyway.
Summary
Bumps jackson-qr-objects to v2.9.9.
There's an open CVE on the older version of Jackson: https://nvd.nist.gov/vuln/detail/CVE-2018-11307
The wildcard pattern matches the jackson-jr-objects library used by braintree_java. I'm not sure if it's meant to be included and, if it is, I don't think there's any security issue with the usage of the older version as braintree_java only deserializes via
JSON.std.mapFrom(...)
, but would be nice to have this closed out anyway.Checklist
mvn verify -DskipITs
)