Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix jackson version to use valid Jackson version #4281

Closed
wants to merge 4 commits into from
Closed

Fix jackson version to use valid Jackson version #4281

wants to merge 4 commits into from

Conversation

Grimoren
Copy link

@Grimoren Grimoren commented Mar 28, 2022
edited
Loading

Fixes Issue

dependency-check/dependency-check-gradle#260
#4280

Description of Change

use valid jackson version

Have test cases been added to cover the new functionality?

N/A: no new functionality.

@Grimoren Grimoren changed the title Update pom.xml Fix jackson version to use valid Jackson version Mar 28, 2022
@Grimoren
Copy link
Author

It seems that 2.13.2.1 is valid for most jackson with exception to jackson-bom:
https://mvnrepository.com/artifact/com.fasterxml.jackson/jackson-bom/2.13.2.20220324

@Janpopan
Copy link
Contributor

Janpopan commented Mar 28, 2022
edited
Loading 

<dependency>
    <groupId>com.fasterxml.jackson</groupId>
    <artifactId>jackson-bom</artifactId>
    <version>2.13.2.20220324</version>
    <type>pom</type>
</dependency>

mprins
mprins reviewed Mar 28, 2022
View reviewed changes
pom.xml
<artifactId>jackson-bom</artifactId>
<version>2.13.2.20220324</version>
<type>pom</type>
</dependency>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to use a BOM in maven the <scope>import</scope> should be used

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

try using Jackson version 2.13.2.2 instead?

juergenzimmermann
juergenzimmermann suggested changes Mar 29, 2022
View reviewed changes
Copy link

@juergenzimmermann juergenzimmermann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meanwhile there is Jackson BOM 2.13.2.20220328. See FasterXML/jackson-databind#3428

@chadlwilson
Copy link
Contributor

According to FasterXML/jackson-databind#3428 (comment) it seems the right way forward here is to roll forward to jackson.version of 2.13.2.2 which corrects the Gradle metadata causing problems for Gradle users (and dependency-check-gradle).

(Or move to a BOM-based approach entirely which would be more work, and involve removing the specific versions for jackson-databind)

@jeremylong
Copy link
Owner

superseded by #4285

@jeremylong jeremylong closed this Mar 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mprins mprins mprins left review comments

@philsegal philsegal philsegal left review comments

@juergenzimmermann juergenzimmermann juergenzimmermann requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@Grimoren @Janpopan @chadlwilson @jeremylong @juergenzimmermann @mprins @philsegal