From 1c5f3c5448dce6565709c7613f9e5b21f30f9e53 Mon Sep 17 00:00:00 2001 From: Scala Steward Date: Thu, 10 Oct 2024 14:43:28 +0000 Subject: [PATCH] Update jackson-databind to 2.15.4 --- project/Dependencies.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 658caa58..fb549d37 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -33,7 +33,7 @@ object Dependencies { lazy val guava = "com.google.guava" % "guava" % "33.0.0-jre" // XXX This is necessary for Spark version consistency lazy val jacksonDatabind = - "com.fasterxml.jackson.core" % "jackson-databind" % "2.15.2" + "com.fasterxml.jackson.core" % "jackson-databind" % "2.15.4" // XXX Version bundled with Spark is vulnerable to CVE-2022-3171 lazy val protobuf = "com.google.protobuf" % "protobuf-java" % "3.25.4" // XXX Bundled version is vulnerable to CVE-2023-34455