Skip to content

[SQL] Avoid vulnerable version of jackson library#5846

Merged
mihaibudiu merged 1 commit intomainfrom
maven
Mar 18, 2026
Merged

[SQL] Avoid vulnerable version of jackson library#5846
mihaibudiu merged 1 commit intomainfrom
maven

Conversation

@mihaibudiu
Copy link
Contributor

@mihaibudiu mihaibudiu commented Mar 17, 2026

Describe Manual Test Plan

Ran Java tests

mythical-fred
mythical-fred approved these changes Mar 17, 2026
View reviewed changes
Copy link

@mythical-fred mythical-fred left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mihaibudiu mihaibudiu enabled auto-merge March 17, 2026 16:57
@mihaibudiu
Copy link
Contributor Author

mihaibudiu commented Mar 17, 2026 

$ mvn dependency:tree | grep jackson
[INFO] +- com.fasterxml.jackson.dataformat:jackson-dataformat-csv:jar:2.21.1:test
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.21.1:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.21:compile
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.21.1:compile
[INFO] +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.21.1:compile
$ mvn dependency:tree | grep httpclient
[INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.5:runtime
$ mvn dependency:tree | grep smart
[INFO] |  +- net.minidev:json-smart:jar:2.6.0:runtime
[INFO] |  |  \- net.minidev:accessors-smart:jar:2.6.0:runtime

@mihaibudiu
Copy link
Contributor Author

mihaibudiu commented Mar 17, 2026

image

@mihaibudiu
Copy link
Contributor Author

mihaibudiu commented Mar 17, 2026

image

@mihaibudiu
Copy link
Contributor Author

mihaibudiu commented Mar 17, 2026

image

@mihaibudiu
Copy link
Contributor Author

mihaibudiu commented Mar 17, 2026

According to this analysis we are no longer vulnerable

@mihaibudiu mihaibudiu added this pull request to the merge queue Mar 17, 2026
@mihaibudiu mihaibudiu removed this pull request from the merge queue due to a manual request Mar 17, 2026
@mihaibudiu
[SQL] Avoid vulnerable version of jackson library
cf54a1b 
Signed-off-by: Mihai Budiu <mbudiu@feldera.com>
@mihaibudiu mihaibudiu enabled auto-merge March 17, 2026 22:19
@mihaibudiu mihaibudiu added this pull request to the merge queue Mar 17, 2026
Merged via the queue into main with commit e223179 Mar 18, 2026
1 check passed
@mihaibudiu mihaibudiu deleted the maven branch March 18, 2026 03:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gz gz gz approved these changes

+1 more reviewer

@mythical-fred mythical-fred mythical-fred approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mihaibudiu @gz @mythical-fred