Upgrade jackson 2.13 version due to CVE (#31281)

* Upgrade jackson 2.13 version due to CVE * v2.13.2.2 fixes small issue in jackson bom
2022-04-08 08:17:14 +02:00 · 2022-04-08 08:17:14 +02:00 · a394b2cdf7
commit a394b2cdf7
parent af389a719f
1 changed files with 17 additions and 9 deletions
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@ -25,7 +25,7 @@ object Dependencies {
  val protobufJavaVersion = "3.16.1"
  val logbackVersion = "1.2.11"

-  val jacksonVersion = Def.setting {
+  val jacksonCoreVersion = Def.setting {
    if (scalaVersion.value.startsWith("3.")) {
      "2.13.2"
    } else {
@ -33,6 +33,14 @@ object Dependencies {
    }
  }

+  val jacksonDatabindVersion = Def.setting {
+    if (scalaVersion.value.startsWith("3.")) {
+      "2.13.2.2"
+    } else {
+      jacksonCoreVersion.value
+    }
+  }
+
  val scala212Version = "2.12.15"
  val scala213Version = "2.13.8"
  // To get the fix for https://github.com/lampepfl/dotty/issues/13106
@ -120,28 +128,28 @@ object Dependencies {
    val asnOne = ("com.hierynomus" % "asn-one" % "0.5.0").exclude("org.slf4j", "slf4j-api") // ApacheV2

    val jacksonCore = Def.setting {
-      "com.fasterxml.jackson.core" % "jackson-core" % jacksonVersion.value
+      "com.fasterxml.jackson.core" % "jackson-core" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonAnnotations = Def.setting {
-      "com.fasterxml.jackson.core" % "jackson-annotations" % jacksonVersion.value
+      "com.fasterxml.jackson.core" % "jackson-annotations" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonDatabind = Def.setting {
-      "com.fasterxml.jackson.core" % "jackson-databind" % jacksonVersion.value
+      "com.fasterxml.jackson.core" % "jackson-databind" % jacksonDatabindVersion.value
    } // ApacheV2
    val jacksonJdk8 = Def.setting {
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-jdk8" % jacksonVersion.value
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-jdk8" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonJsr310 = Def.setting {
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % jacksonVersion.value
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonScala = Def.setting {
-      "com.fasterxml.jackson.module" %% "jackson-module-scala" % jacksonVersion.value
+      "com.fasterxml.jackson.module" %% "jackson-module-scala" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonParameterNames = Def.setting {
-      "com.fasterxml.jackson.module" % "jackson-module-parameter-names" % jacksonVersion.value
+      "com.fasterxml.jackson.module" % "jackson-module-parameter-names" % jacksonCoreVersion.value
    } // ApacheV2
    val jacksonCbor = Def.setting {
-      "com.fasterxml.jackson.dataformat" % "jackson-dataformat-cbor" % jacksonVersion.value
+      "com.fasterxml.jackson.dataformat" % "jackson-dataformat-cbor" % jacksonCoreVersion.value
    } // ApacheV2
    val lz4Java = "org.lz4" % "lz4-java" % "1.8.0" // ApacheV2