search

sofastack / sofa-jraft

A production-grade java implementation of RAFT consensus algorithm.
https://www.sofastack.tech/projects/sofa-jraft/
Apache License 2.0
3.59k stars 1.15k forks source link

fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.12.6.1 #892

Closed claire9910 closed 1 year ago

claire9910 commented 2 years ago

What happened?

There are 1 security vulnerabilities found in com.fasterxml.jackson.core:jackson-databind 2.10.5.1

What did I do?

Upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.5.1 to 2.12.6.1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile succeeded locally. Run mvn clean test succeeded locally. all tests passed.

The specification of the pull request

PR Specification from OSCS

sofastack-bot[bot] commented 2 years ago

Hi @claire9910, welcome to SOFAStack community, Please sign Contributor License Agreement!

After you signed CLA, we will automatically sync the status of this pull request in 3 minutes.

fengjiachun commented 1 year ago

test_rheakv_core failed and the log file expired, but it passed on my computer and I don't think there is anything wrong with it.

Thank you @claire9910