Upgrade jackson-databind to 2.13.2.1 (CVE-2020-36518) (#682)

Carter Kozak · web-flow · commit 61a2b27bfd85 · 2022-03-25T09:42:43.000-04:00
diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,11 @@
 buildscript {
     repositories {
-        gradlePluginPortal()
-        mavenCentral()
+        gradlePluginPortal() {
+	    metadataSources { mavenPom(); ignoreGradleMetadataRedirection() }
+	}
+        mavenCentral() {
+	    metadataSources { mavenPom(); ignoreGradleMetadataRedirection() }
+        }
     }
 
     dependencies {
@@ -33,7 +37,9 @@ allprojects {
     version = rootProject.version
 
     repositories {
-        mavenCentral()
+        mavenCentral() {
+	    metadataSources { mavenPom(); ignoreGradleMetadataRedirection() }
+	}
     }
 }
 
diff --git a/versions.lock b/versions.lock
@@ -5,13 +5,12 @@ com.diffplug.durian:durian-io:1.2.0 (1 constraints: 1313c62d)
 com.diffplug.spotless:spotless-lib:2.23.0 (2 constraints: ea24bde5)
 com.diffplug.spotless:spotless-lib-extra:2.23.0 (1 constraints: 47131a41)
 com.diffplug.spotless:spotless-plugin-gradle:6.3.0 (1 constraints: 0b051236)
-com.fasterxml.jackson:jackson-bom:2.13.2 (6 constraints: fe7c7c05)
-com.fasterxml.jackson.core:jackson-annotations:2.13.2 (3 constraints: 7826a4c4)
-com.fasterxml.jackson.core:jackson-core:2.13.2 (6 constraints: f76b550e)
-com.fasterxml.jackson.core:jackson-databind:2.13.2 (5 constraints: 705903c1)
-com.fasterxml.jackson.datatype:jackson-datatype-guava:2.13.2 (2 constraints: f1138182)
-com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.2 (2 constraints: f1138182)
-com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.2 (2 constraints: f1138182)
+com.fasterxml.jackson.core:jackson-annotations:2.13.2 (2 constraints: c1174d71)
+com.fasterxml.jackson.core:jackson-core:2.13.2 (5 constraints: 405d9c93)
+com.fasterxml.jackson.core:jackson-databind:2.13.2.1 (4 constraints: 184b68a5)
+com.fasterxml.jackson.datatype:jackson-datatype-guava:2.13.2 (1 constraints: 3a053a3b)
+com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.2 (1 constraints: 3a053a3b)
+com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.2 (1 constraints: 3a053a3b)
 com.google.auto:auto-common:1.2 (2 constraints: fb206329)
 com.google.auto.service:auto-service:1.0.1 (1 constraints: 0405f135)
 com.google.auto.service:auto-service-annotations:1.0.1 (1 constraints: 9b0f6786)
@@ -33,7 +32,7 @@ org.immutables:value:2.8.8 (1 constraints: 14051536)
 org.slf4j:slf4j-api:1.7.36 (2 constraints: bd13787c)
 
 [Test dependencies]
-cglib:cglib-nodep:3.3.0 (2 constraints: 7a1acf3c)
+cglib:cglib-nodep:3.2.2 (1 constraints: 490ded24)
 com.google.auto.value:auto-value:1.5.3 (1 constraints: 1c121afb)
 com.google.auto.value:auto-value-annotations:1.8.1 (1 constraints: 620a29b9)
 com.google.guava:guava-testlib:27.0.1-jre (1 constraints: aa067c53)
@@ -42,24 +41,20 @@ com.google.truth:truth:1.1.3 (3 constraints: b72b7cb8)
 com.google.truth.extensions:truth-java8-extension:0.37 (1 constraints: ef11ffe8)
 com.netflix.nebula:nebula-test:10.0.0 (1 constraints: 3305273b)
 junit:junit:4.13.2 (7 constraints: 796291b5)
-net.bytebuddy:byte-buddy:1.10.16 (1 constraints: 950dfa39)
-org.assertj:assertj-core:3.22.0 (2 constraints: 65174647)
+org.apiguardian:apiguardian-api:1.1.2 (7 constraints: 9d791b5f)
+org.assertj:assertj-core:3.22.0 (1 constraints: 39053f3b)
 org.hamcrest:hamcrest:2.2 (1 constraints: d20cdc04)
 org.hamcrest:hamcrest-core:1.3 (1 constraints: cc05fe3f)
-org.jetbrains:annotations:19.0.0 (1 constraints: 660d8f2c)
-org.junit:junit-bom:5.8.2 (12 constraints: 6ac77fbf)
-org.junit.jupiter:junit-jupiter:5.8.2 (2 constraints: 260e7a59)
-org.junit.jupiter:junit-jupiter-api:5.8.2 (5 constraints: aa4de77d)
-org.junit.jupiter:junit-jupiter-engine:5.8.2 (2 constraints: 2117d23c)
-org.junit.jupiter:junit-jupiter-migrationsupport:5.8.2 (2 constraints: 260e7a59)
-org.junit.jupiter:junit-jupiter-params:5.8.2 (2 constraints: 2117d23c)
-org.junit.platform:junit-platform-commons:1.8.2 (3 constraints: ee29ed2b)
-org.junit.platform:junit-platform-engine:1.8.2 (4 constraints: 863c7bdc)
-org.junit.platform:junit-platform-launcher:1.8.2 (2 constraints: 121b944a)
-org.junit.platform:junit-platform-testkit:1.8.2 (1 constraints: 12097995)
-org.junit.vintage:junit-vintage-engine:5.8.2 (2 constraints: 260e7a59)
-org.objenesis:objenesis:3.1 (2 constraints: bb193de0)
-org.opentest4j:opentest4j:1.2.0 (3 constraints: c53224a1)
-org.ow2.asm:asm:9.1 (2 constraints: da162012)
+org.junit.jupiter:junit-jupiter:5.8.2 (1 constraints: 11051e36)
+org.junit.jupiter:junit-jupiter-api:5.8.2 (4 constraints: 95444621)
+org.junit.jupiter:junit-jupiter-engine:5.8.2 (1 constraints: 0c0edf3b)
+org.junit.jupiter:junit-jupiter-migrationsupport:5.8.2 (1 constraints: 11051e36)
+org.junit.jupiter:junit-jupiter-params:5.8.2 (1 constraints: 0c0edf3b)
+org.junit.platform:junit-platform-commons:1.8.2 (2 constraints: dd200b4b)
+org.junit.platform:junit-platform-engine:1.8.2 (3 constraints: 5e2e6f7f)
+org.junit.vintage:junit-vintage-engine:5.8.2 (1 constraints: 11051e36)
+org.objenesis:objenesis:2.4 (1 constraints: ea0c8c0a)
+org.opentest4j:opentest4j:1.2.0 (2 constraints: cd205b49)
+org.ow2.asm:asm:9.1 (1 constraints: 040aa7a4)
 org.spockframework:spock-core:2.0-M4-groovy-3.0 (2 constraints: e822d65a)
 org.spockframework:spock-junit4:2.0-M4-groovy-3.0 (1 constraints: 25115ddf)
diff --git a/versions.props b/versions.props
@@ -18,3 +18,4 @@ org.junit.jupiter:* = 5.8.2
 org.junit.vintage:* = 5.8.2
 org.slf4j:slf4j-api = 1.7.36
 com.fasterxml.jackson.*:* = 2.13.2
+com.fasterxml.jackson.core:jackson-databind = 2.13.2.1
