ring-clojure / ring-json

Ring middleware for handling JSON

Upgrade cheshire version to 5.12.0 #71

Open vshevchenk opened 11 months ago

vshevchenk commented 11 months ago

As a ring-json user, I want the cheshire version upgraded to 5.12.0 so that I do not have vulnerabilities in dependencies.

The root cause lies in the jackson-dataformat-cbor/2.5.2 dependency, which relates to multiple known CVE reports. See the vulnerabilities list on the Maven page.

cheshire 5.12.0 has the latest jackson-dataformat dependencies without known vulnerabilities as of now:

Retrieving cheshire/cheshire/5.12.0/cheshire-5.12.0.jar from clojars
 [cheshire "5.12.0"]
   [com.fasterxml.jackson.core/jackson-core "2.15.2"]
   [com.fasterxml.jackson.dataformat/jackson-dataformat-cbor "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]]
   [com.fasterxml.jackson.dataformat/jackson-dataformat-smile "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]]
   [tigris "0.1.2"]

jackson-dataformat-cbor/2.15.2 jackson-dataformat-smile/2.15.2
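
An added example, not part of the issue or of ring-json: a Python check over `lein deps :tree` output that flags Jackson artifacts resolved below a floor version. The 2.15.2 floor comes from the tree quoted above; the function names and the one-line `OLD_TREE` sample are constructed for illustration. Versions are compared as numeric tuples because a plain string comparison ranks 2.5.2 above 2.15.2.

```python
import re

# One Leiningen dependency vector per line, e.g. [group/artifact "1.2.3" ...]
DEP_LINE = re.compile(r'^\s*\[([^\s\[\]"]+)\s+"([^"]+)"')
JACKSON_FLOOR = "2.15.2"  # assumption: floor taken from the tree in the issue

# Tree as quoted in the issue.
UPGRADED_TREE = '''\
Retrieving cheshire/cheshire/5.12.0/cheshire-5.12.0.jar from clojars
 [cheshire "5.12.0"]
   [com.fasterxml.jackson.core/jackson-core "2.15.2"]
   [com.fasterxml.jackson.dataformat/jackson-dataformat-cbor "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]]
   [com.fasterxml.jackson.dataformat/jackson-dataformat-smile "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]]
   [tigris "0.1.2"]
'''
# Constructed sample: the older artifact version the issue names.
OLD_TREE = '''\
   [com.fasterxml.jackson.dataformat/jackson-dataformat-cbor "2.5.2"]
'''


def version_key(version):
    """Leading dotted-numeric part as a tuple: '2.5.2' -> (2, 5, 2)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def parse_tree(text):
    """Return (artifact, version) for every dependency line in the output."""
    found = (DEP_LINE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]


def stale_jackson(text, floor=JACKSON_FLOOR):
    """Jackson artifacts resolved below the floor (unparseable versions count)."""
    return [(name, ver) for name, ver in parse_tree(text)
            if name.startswith("com.fasterxml.jackson.")
            and version_key(ver) < version_key(floor)]


if __name__ == "__main__":
    for label, tree in (("upgraded", UPGRADED_TREE), ("old", OLD_TREE)):
        print(label, stale_jackson(tree) or "ok")
```

Run against the resolved tree of the consuming application rather than of ring-json alone, since the version that ships is whatever the application's dependency resolution selects.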