We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
As ring-json user I want cheshire version upgraded to 5.12.0 so that i do not have vulnerabilities in dependencies.
The root cause lies in jackson-dataformat-cbor/2.5.2 dependency which relates to multiple known CVE reports. See vulnerabilities list on maven page.
chechire 5.12.0 has the latest jackson-dataformat dependecies without known vulnerabilities as of now
Retrieving cheshire/cheshire/5.12.0/cheshire-5.12.0.jar from clojars [cheshire "5.12.0"] [com.fasterxml.jackson.core/jackson-core "2.15.2"] [com.fasterxml.jackson.dataformat/jackson-dataformat-cbor "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]] [com.fasterxml.jackson.dataformat/jackson-dataformat-smile "2.15.2" :exclusions [[com.fasterxml.jackson.core/jackson-databind]]] [tigris "0.1.2"]
jackson-dataformat-cbor/2.15.2 jackson-dataformat-smile/2.15.2
The text was updated successfully, but these errors were encountered:
No branches or pull requests
As ring-json user I want cheshire version upgraded to 5.12.0 so that i do not have vulnerabilities in dependencies.
The root cause lies in jackson-dataformat-cbor/2.5.2 dependency which relates to multiple known CVE reports. See vulnerabilities list on maven page.
chechire 5.12.0 has the latest jackson-dataformat dependecies without known vulnerabilities as of now
jackson-dataformat-cbor/2.15.2
jackson-dataformat-smile/2.15.2
The text was updated successfully, but these errors were encountered: