✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.11.4
introduced by com.gu.play-secret-rotation:play-v28_2.13@8.3.1-SNAPSHOT > com.typesafe.play:play_2.13@2.8.21 > com.fasterxml.jackson.core:jackson-databind@2.11.4 and 13 other path(s)
We've got limited Play v2.8 usage at the Guardian, so dropping Play v2.8 support may be a good way of fixing SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244:
Repos using play-v28 at the Guardian: https://github.com/search?q=org%3Aguardian+%22play-v28%22++NOT+is%3Aarchived&type=code
...this rough search shows only one specific use of "com.gu.play-secret-rotation" %% "play-v28":
...there is also only one use of "com.gu.play-googleauth" %% "play-v28":
play-v30 anyway! https://github.com/guardian/bonobo/pull/250
cc @Divs-B