From 47b10672e4eace0bc5229fbaf4936af9c2c162cd Mon Sep 17 00:00:00 2001
From: Zach Chuba
Date: Thu, 8 May 2025 14:10:20 -0400
Subject: [PATCH 1/2] Upgrade jackson to 2.19 and snakeyaml to 2.14
Code hygene and clearing falsely flagged CVEs
---
 core/build.gradle | 7 +++----
 modules/k3s/build.gradle | 6 ++----
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/core/build.gradle b/core/build.gradle
index 423c4d4b612..f7256ce3bbd 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -62,9 +62,8 @@ tasks.japicmp {
 configurations.all {
 resolutionStrategy {
- // use lower Jackson version
- force 'com.fasterxml.jackson.core:jackson-databind:2.8.8'
- force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.8.8'
+ force 'com.fasterxml.jackson.core:jackson-databind:2.19.0'
+ force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.0'
 }
 }
@@ -100,7 +99,7 @@ dependencies {
 api 'com.github.docker-java:docker-java-transport-zerodep'
 shaded 'com.google.guava:guava:33.3.1-jre'
- shaded "org.yaml:snakeyaml:1.33"
+ shaded "org.yaml:snakeyaml:2.4"
 shaded 'org.glassfish.main.external:trilead-ssh2-repackaged:4.1.2'
diff --git a/modules/k3s/build.gradle b/modules/k3s/build.gradle
index e1454505c7e..fe963d8d5b5 100644
--- a/modules/k3s/build.gradle
+++ b/modules/k3s/build.gradle
@@ -3,10 +3,8 @@ description = "Testcontainers :: K3S"
 dependencies {
 api project(":testcontainers")
- // https://youtu.be/otCpCn0l4Wo
- // The core module depends on jackson-databind 2.8.x for backward compatibility.
- // Any >2.8 version here is not compatible with jackson-databind 2.8.x.
- shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.8.8'
+ // Synchronize with the jackson version, must match major and minor version
+ shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0'
 testImplementation 'io.fabric8:kubernetes-client:6.13.1'
 testImplementation 'io.kubernetes:client-java:21.0.1-legacy'
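Review bot: The forced Jackson pin in `configurations.all` loses its only explanatory comment, and the comment removed from modules/k3s shows the old 2.8.8 pin was there to hold the build at a low version for backward compatibility. Forcing 2.19.0 means every configuration now resolves a recent Jackson, so use of an API missing from an older Jackson on a consumer's classpath would presumably no longer be caught at build time. If that floor is being given up on purpose, say so next to the pin, e.g. `// Forced so databind, jsr310 and the k3s jackson-dataformat-yaml resolve to one version; no longer a compatibility floor`. The rest of core/build.gradle is outside the hunk, so whether anything else depended on the low pin cannot be checked from here.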
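Review bot: The `shaded "org.yaml:snakeyaml:2.4"` line crosses a major version (from 1.33) with no source change in this patch, and SnakeYAML 2.x changed constructor signatures and rejects global tags by default. Code that builds a parser from the shaded package is not visible here; it needs to compile against 2.x and should be confirmed to load untrusted YAML through a safe constructor, e.g. `new Yaml(new SafeConstructor(new LoaderOptions()))`. The subject line says 2.14 while this line pins 2.4, so one of the two is presumably a typo. The `dependencies` block starts and ends outside the hunk.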
From 14deb03ba2e0f32679991f4663525843ec54861f Mon Sep 17 00:00:00 2001
From: Zach Chuba
Date: Mon, 14 Jul 2025 08:13:34 -0400
Subject: [PATCH 2/2] Bump version of docker-java-bom to 3.5.3
Also downgrade jackson to 2.18.4 to be aligned with docker-java-bom.
---
 core/build.gradle | 8 ++++----
 modules/k3s/build.gradle | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/core/build.gradle b/core/build.gradle
index f7256ce3bbd..85eb011679f 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -62,8 +62,8 @@ tasks.japicmp {
 configurations.all {
 resolutionStrategy {
- force 'com.fasterxml.jackson.core:jackson-databind:2.19.0'
- force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.0'
+ force 'com.fasterxml.jackson.core:jackson-databind:2.18.4'
+ force 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.4'
 }
 }
@@ -87,8 +87,8 @@ dependencies {
 shaded 'org.awaitility:awaitility:4.2.0'
- api platform('com.github.docker-java:docker-java-bom:3.4.2')
- shaded platform('com.github.docker-java:docker-java-bom:3.4.2')
+ api platform('com.github.docker-java:docker-java-bom:3.5.3')
+ shaded platform('com.github.docker-java:docker-java-bom:3.5.3')
 api "com.github.docker-java:docker-java-api"
diff --git a/modules/k3s/build.gradle b/modules/k3s/build.gradle
index fe963d8d5b5..d6a250122b8 100644
--- a/modules/k3s/build.gradle
+++ b/modules/k3s/build.gradle
@@ -4,7 +4,7 @@ dependencies {
 api project(":testcontainers")
 // Synchronize with the jackson version, must match major and minor version
- shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.19.0'
+ shaded 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.18.4'
 testImplementation 'io.fabric8:kubernetes-client:6.13.1'
 testImplementation 'io.kubernetes:client-java:21.0.1-legacy'
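Review bot: The Jackson version is written by hand in three places (the two `force` lines in core/build.gradle and the `jackson-dataformat-yaml` line in the modules/k3s hunk) and, per the commit message, must also follow docker-java-bom, yet nothing in the build files records that coupling. A later bump of the BOM or of one literal can leave databind and the YAML dataformat on different releases, which is how a partially patched Jackson ends up shipped. Add a comment above the pin such as `// Keep equal to the Jackson version docker-java-bom is aligned with; modules/k3s must use the same value`, or hoist the literal into one shared property that both files read. The `dependencies` blocks start and end outside their hunks.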