-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix jackson version to use valid Jackson version #4281
Conversation
It seems that 2.13.2.1 is valid for most jackson with exception to jackson-bom: |
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>2.13.2.20220324</version>
<type>pom</type>
</dependency> |
<artifactId>jackson-bom</artifactId> | ||
<version>2.13.2.20220324</version> | ||
<type>pom</type> | ||
</dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
to use a BOM in maven the <scope>import</scope>
should be used
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
try using Jackson version 2.13.2.2
instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Meanwhile there is Jackson BOM 2.13.2.20220328
. See FasterXML/jackson-databind#3428
According to FasterXML/jackson-databind#3428 (comment) it seems the right way forward here is to roll forward to (Or move to a BOM-based approach entirely which would be more work, and involve removing the specific versions for |
superseded by #4285 |
Fixes Issue
dependency-check/dependency-check-gradle#260
#4280
Description of Change
use valid jackson version
Have test cases been added to cover the new functionality?
N/A: no new functionality.