eureka
Jackson cbor
Hi,
I upgraded some Jackson jars in your code:
compile "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
compile "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
compile "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
// Eureka client uses JSON encoding by default
compileOnly "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${jacksonVersion}"
In this PR we discussed and agreed not to keep upgrading after version 2.10.
I ran a WhiteSource scan and saw some vulnerabilities in this jar:
eureka\WEB-INF\lib\jackson-dataformat-cbor-2.6.7.jar
I searched the source code and didn't find this dependency in the Gradle file.
Any suggestions?
Thanks guys and have a nice day,
Amit.
What does dependencyInsight tell you in Gradle?
Hi @troshko111, the pull request is addressed to fix the issue with the outdated Jackson CBOR library.