deps: update jackson to a vuln-free version,

bump java-jwt in the process
6 years ago · c2416a57a8
parent be91fb08c4
commit c2416a57a8
2 changed files with 13 additions and 3 deletions
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@ -93,7 +93,7 @@
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
-            <version>3.1.0</version>
+            <version>3.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
--- a/pom.xml
+++ b/pom.xml
@ -86,7 +86,7 @@
                <!-- Import dependency management from Spring Boot -->
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
-                <version>1.5.8.RELEASE</version>
+                <version>1.5.10.RELEASE</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
@ -113,6 +113,16 @@
                <artifactId>commons-io</artifactId>
                <version>2.5</version>
            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>2.8.11</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.8.11.1</version>
+            </dependency>
        </dependencies>
    </dependencyManagement>

@ -195,7 +205,7 @@
                <plugin>
                    <groupId>org.owasp</groupId>
                    <artifactId>dependency-check-maven</artifactId>
-                    <version>3.0.2</version>
+                    <version>3.1.1</version>
                    <inherited>true</inherited>
                    <configuration>
                        <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>