Skip to content

fix(deps): vuln minor upgrades — 12 packages (minor: 1 · patch: 11) #3697

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/maven/0-1775509179
Open

fix(deps): vuln minor upgrades — 12 packages (minor: 1 · patch: 11) #3697
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/maven/0-1775509179

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 bot commented Apr 6, 2026

Summary: Security update — 12 packages upgraded (MINOR changes included)

Manifests changed:

  • . (maven)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Vulnerabilities Fixed
com.fasterxml.jackson.core:jackson-core 2.20.1 2.20.2 patch 1 MODERATE
com.fasterxml.jackson.core:jackson-annotations 2.20 2.21 minor -
com.fasterxml.jackson.core:jackson-databind 2.20.1 2.20.2 patch -
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.20.1 2.20.2 patch -
com.github.scribejava:scribejava-core 8.3.1 8.3.3 patch -
jakarta.annotation:jakarta.annotation-api 2.1.0 2.1.1 patch -
org.glassfish.jersey.connectors:jersey-apache-connector 3.0.8 3.0.18 patch -
org.glassfish.jersey.core:jersey-client 3.0.8 3.0.18 patch -
org.glassfish.jersey.inject:jersey-hk2 3.0.8 3.0.18 patch -
org.glassfish.jersey.media:jersey-media-json-jackson 3.0.8 3.0.18 patch -
org.glassfish.jersey.media:jersey-media-multipart 3.0.8 3.0.18 patch -
org.openapitools:jackson-databind-nullable 0.2.3 0.2.10 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq MODERATE jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 2.20.1 2.18.6
⚠️ Dependencies that have Reached EOL (7)
Dependency Unsafe Version EOL Date New Version Path
com.fasterxml.jackson.core:jackson-annotations 2.20 - 2.21 pom.xml
com.fasterxml.jackson.core:jackson-core 2.20.1 - 2.20.2 pom.xml
com.fasterxml.jackson.core:jackson-databind 2.20.1 - 2.20.2 pom.xml
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.20.1 - 2.20.2 pom.xml
com.github.scribejava:scribejava-core 8.3.1 - 8.3.3 pom.xml
org.glassfish.jersey.connectors:jersey-apache-connector 3.0.8 - 3.0.18 pom.xml
org.glassfish.jersey.inject:jersey-hk2 3.0.8 - 3.0.18 pom.xml

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod bot marked this pull request as ready for review April 7, 2026 13:42
@campaigner-prod campaigner-prod bot requested review from a team as code owners April 7, 2026 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-java adms-medium-severity adms-minor-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants