From 5395dd3b0f97673e88744f1adce4802c608db338 Mon Sep 17 00:00:00 2001 From: Zach Chuba Date: Thu, 8 May 2025 14:10:20 -0400 Subject: [PATCH] Upgrade jackson to 2.19 and snakeyaml to 2.14 Code hygene and clearing falsely flagged CVEs --- core/build.gradle | 7 +++---- modules/k3s/build.gradle | 6 ++---- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/core/build.gradle b/core/build.gradle index 4dad6c61131..ce0526f1484 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -62,9 +62,8 @@ tasks.japicmp { configurations.all { resolutionStrategy { - // use lower Jackson version - force 'com.fasterxml.jackson.core:jackson-databind:2.8.8' - force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.8.8' + force 'com.fasterxml.jackson.core:jackson-databind:2.19.0' + force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.0' } } @@ -100,7 +99,7 @@ dependencies { api 'com.github.docker-java:docker-java-transport-zerodep' shaded 'com.google.guava:guava:33.3.1-jre' - shaded "org.yaml:snakeyaml:1.33" + shaded "org.yaml:snakeyaml:2.4" shaded 'org.glassfish.main.external:trilead-ssh2-repackaged:4.1.2' diff --git a/modules/k3s/build.gradle b/modules/k3s/build.gradle index 3f795d99743..1e1bb67d018 100644 --- a/modules/k3s/build.gradle +++ b/modules/k3s/build.gradle @@ -3,10 +3,8 @@ description = "Testcontainers :: K3S" dependencies { api project(":testcontainers") - // https://youtu.be/otCpCn0l4Wo - // The core module depends on jackson-databind 2.8.x for backward compatibility. - // Any >2.8 version here is not compatible with jackson-databind 2.8.x. - shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.8.8' + // Synchronize with the jackson version, must match major and minor version + shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0' testImplementation 'io.fabric8:kubernetes-client:6.13.1' testImplementation 'io.kubernetes:client-java:21.0.1-legacy'