update to jackson 2.9.6 due to CVEs #203
Conversation
| } | ||
|
|
||
| ext { | ||
| jacksonVersion = '2.9.6' |
| compile 'com.fasterxml.jackson.core:jackson-core:2.4.2' | ||
| compile 'com.fasterxml.jackson.core:jackson-annotations:2.4.2' | ||
| compile 'com.fasterxml.jackson.core:jackson-databind:2.4.2' | ||
| compile "com.fasterxml.jackson.core:jackson-core:$jacksonVersion" |
There was a problem hiding this comment.
Minor issue here with the quotes using double quotes instead of single quotes that are used elsewhere. For consistency let's use single quotes 👍
There was a problem hiding this comment.
the double quotes are necessary to allow string interpolation to happen - single quotes mean the text is literal
http://docs.groovy-lang.org/latest/html/documentation/#_string_interpolation
thewheat
left a comment
thewheat
left a comment
There was a problem hiding this comment.
Thanks so much for this PR @pjfanning
Minor thing of inconsistent quotes (using double instead of single which is used in the rest of the file)
Once we get that fixed I can get the team to review this and get it merged as soon as possible 👍
|
@thewheat is the answer that I provided to your change request ok? |
|
So sorry @pjfanning I missed the notification of your reply. Since we need double quotes for that, could we switch to double quotes for the entire file then? Just for consistency 👍 |
|
@thewheat I updated the pull request to use double quotes for all dependencies |
|
Fantastic @pjfanning! I'll get the team to verify that this is all good and we can merge it 👍 Thank you so much! |
SeanHealy33
left a comment
SeanHealy33
left a comment
There was a problem hiding this comment.
Looks good @pjfanning
3 participants
https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x