Bump Jackson dependency version 2.9.10.1

emlun · emlun · commit 709b9cecc476 · 2019-11-08T18:07:33.000+01:00
diff --git a/NEWS b/NEWS
@@ -1,5 +1,9 @@
 == Version 1.5.1 (unreleased) ==
 
+Security fixes:
+
+- Bumped Jackson dependency to version 2.9.10.1 which has patched CVE-2019-16942
+
 Bug fixes:
 
 - Fixed bug introduced in 1.4.0, which caused
diff --git a/build.gradle b/build.gradle
@@ -51,9 +51,9 @@ allprojects {
 Map<String, String> dependencyVersions = [
   'ch.qos.logback:logback-classic:1.2.3',
   'com.augustcellars.cose:cose-java:1.0.0',
-  'com.fasterxml.jackson.core:jackson-databind:2.9.9.3',
-  'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.9',
-  'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.9',
+  'com.fasterxml.jackson.core:jackson-databind:2.9.10.1',
+  'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.10',
+  'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.10',
   'com.google.guava:guava:19.0',
   'com.upokecenter:cbor:4.0.1',
   'javax.activation:activation:1.1.1',
