[Snyk] Fix for 7 vulnerabilities

Jeff Beardrequested to merge
snyk-fix-ce10793bc0012b5a349fcdc87a7f42ee into master

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Upgrade Breaking Change Exploit Maturity
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587 		com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:
2.4.3 -> 2.10.0
No No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade com.fasterxml.jackson.core:jackson-databind@2.9.5 to com.fasterxml.jackson.core:jackson-databind@2.10.0; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/repos/central/data/com/addthis/common/build/maven/pom/jar-pom/3.9.1/jar-pom-3.9.1.pom

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Merge request reports