fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.13.2.1

eirslett / frontend-maven-plugin

"Maven-node-grunt-gulp-npm-node-plugin to end all maven-node-grunt-gulp-npm-plugins." A Maven plugin that downloads/installs Node and NPM locally, runs NPM install, Grunt, Gulp and/or Karma.

Apache License 2.0

4.2k stars 867 forks source link

fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.13.2.1 #1061

Closed Zhfuln closed 1 year ago

Zhfuln commented 1 year ago

What happened？

There are 2 security vulnerabilities found in com.fasterxml.jackson.core:jackson-databind 2.13.0

CVE-2020-36518
MPS-2022-12500

What did I do？

Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS