Bump jackson.version from 2.15.2 to 2.15.3 #1399
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps `jackson.version` from 2.15.2 to 2.15.3. Updates `com.fasterxml.jackson:jackson-bom` from 2.15.2 to 2.15.3 - [Commits](FasterXML/jackson-bom@jackson-bom-2.15.2...jackson-bom-2.15.3) Updates `com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider` from 2.15.2 to 2.15.3 --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
|
JFYI @THausherr @tballison According to this ticket https://issues.apache.org/jira/browse/AVRO-3754 2.15 can introduce some troubles .... |
|
Thank you for this, @solomax. We'll make the string length adjustable via: https://issues.apache.org/jira/browse/TIKA-4154 |
|
👋 Are we releasing this upgrade any time soon? We are using tika-server 2.9.1, and it seems like that version still depends on |
|
I looked over the git logs around the 2.9.1 release, and I should have included this dependency bump before cutting 2.9.1-rc1. I suspect I was not eager to bump the dependencies right before a release without more in depth testing. That said, I reviewed this "vulnerability" just now. I concur with the jackson developers and others on this issue that this is not a problem despite what security scanners complain about. I personally don't think this merits a new release. I have no doubt that other, actual vulnerabilities will be found in our dependencies which would trigger a 2.9.2 soon enough. |
|
Thank you Tim!, I appreciate you taking a deeper look! we'll be in the look out for 2.9.2 |
Bumps
jackson.versionfrom 2.15.2 to 2.15.3.Updates
com.fasterxml.jackson:jackson-bomfrom 2.15.2 to 2.15.3Commits
151d968[maven-release-plugin] prepare release jackson-bom-2.15.3f99347bPrepare for 2.15.3 release11114a2Updatenexus-staging-maven-plugindep to 1.6.13 (from 1.6.8)c6361deTo 2.15.3-SNAPSHOT0cdf4da[maven-release-plugin] prepare for next development iterationUpdates
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-providerfrom 2.15.2 to 2.15.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)