search

kagkarlsson / db-scheduler

Persistent cluster-friendly scheduler for Java
Apache License 2.0
1.23k stars 188 forks source link

fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.14.0-rc1 #404

Closed PiFrancis closed 1 year ago

PiFrancis commented 1 year ago

What happened?

There are 1 security vulnerabilities found in com.fasterxml.jackson.core:jackson-databind 2.13.2

What did I do?

Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.2 to 2.14.0-rc1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

kagkarlsson commented 1 year ago

Why not latest, as in 2.15.2?

kagkarlsson commented 1 year ago

Fixed in #405