apiclient: Bump Jackson version to 2.10.4

Jackson 2.9.x has various vulnerabilities that are fixed in 2.10 series: https://github.com/FasterXML/jackson-databind/issues/2700#issuecomment-619590967 Let's update to the latest version of Jackson. This is a similar fix to Github's Dependabot proposal, except we bump the version number across all Jackson components: https://github.com/scylladb/scylla-jmx/pull/116
2020-07-14 10:17:17 +03:00 · 2020-07-14 10:17:17 +03:00 · 15eb6adf92
parent 5820992a8e
commit 15eb6adf92
1 changed files with 4 additions and 3 deletions
--- a/scylla-apiclient/pom.xml
+++ b/scylla-apiclient/pom.xml
@ -12,6 +12,7 @@
    <properties>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.source>1.8</maven.compiler.source>
+        <jackson.version>2.10.4</jackson.version>
    </properties>

    <dependencies>
@ -63,17 +64,17 @@
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
-            <version>2.9.9</version>
+            <version>${jackson.version}</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <version>2.9.10.4</version>
+            <version>${jackson.version}</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.jaxrs</groupId>
            <artifactId>jackson-jaxrs-json-provider</artifactId>
-            <version>2.9.9</version>
+	    <version>${jackson.version}</version>
        </dependency>
    </dependencies>