prout-bot
commented
6 years ago Seen on status.ophan.co.uk (merged by @lmath 10 minutes and 39 seconds ago) Please check your changes!
Closed lmath closed 6 years ago
prout-bot
commented
6 years ago Seen on status.ophan.co.uk (merged by @lmath 10 minutes and 39 seconds ago) Please check your changes!
Why are you doing this?
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31507
We are pulling in old versions of jackson-databind primarily via aws-sdks. It's suggested here that this shouldn't be a breaking change for the aws sdks, and indeed when I tested it by running the status-app locally, it wasn't. I bumped the versions and then just checked that the status page displayed the same before and after the version bump.
Any other suggested checks?
Trello Card // none. Inspired by Snyk.
Changes