Update Jackson

Author: f11h

owasp/suppressions.xml

@@ -4,4 +4,12 @@
     <notes>no YAML content from users is parsed within this service</notes>
     <cve>CVE-2022-1471</cve>
   </suppress>
+  <suppress>
+    <notes>False positive</notes>
+    <cve>CVE-2022-45688</cve>
+  </suppress>
+  <suppress>
+    <notes>No fix available, still analyzed</notes>
+    <cve>CVE-2023-35116</cve>
+  </suppress>
 </suppressions>

pom.xml

@@ -87,6 +87,17 @@
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-fileupload</groupId>
+                    <artifactId>commons-fileupload</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.5</version>
         </dependency>
         <dependency>
             <groupId>io.github.openfeign</groupId>
@@ -120,10 +131,22 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>2.15.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>2.15.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>