joffrey-bion / livedoc

A not-so-annotation-based documentation generator for REST and websocket services
MIT License

[CVE] Dependency jackson core has CVEs #124

Open Shinigami92 opened 5 years ago

Shinigami92 commented 5 years ago

Describe the problem

livedoc depends on com.fasterxml.jackson.core:jackson-databind:2.6.5; there is a new version, 2.9.8.

Expected behavior

Update to 2.9.8.

Context

CVEs:

https://github.com/joffrey-bion/livedoc/blob/master/livedoc-core/build.gradle#L13

joffrey-bion commented 5 years ago

Nice spot, thanks! I will upgrade jackson ASAP.

joffrey-bion commented 5 years ago

Turns out to be more complicated than I thought: there are a few major changes regarding Jackson properties introspection, which Livedoc heavily relies upon. It will take some more time to migrate these pieces.

Shinigami92 commented 5 years ago

Would like to help, but I am currently busy with other projects. Are all unit tests green? If so, you / we should write tests on the problems that occur, so that this is covered in the future.

joffrey-bion commented 5 years ago

The unit tests are failing due to the change of behaviour of Jackson, that's how I first noticed the issue.

The ignored properties API is a bit different but easy to fix (I just didn't push the change yet).

However, the types returned by Jackson are no longer Java's default implementations of the Type interface, but custom Jackson ones, and these don't seem usable in a generic way from livedoc-core code, which should be independent from Jackson.

I need to double-check whether Jackson's SimpleType implementation simply fails the equals() checks in unit tests, or actually behaves differently, but I know for sure of at least one place in production code where instanceof checks on Type fail on Jackson's type.