Skip to content

Chore/remaining dependency updates#920

Merged
ybezsonov merged 2 commits into
mainfrom
chore/remaining-dependency-updates
Jul 2, 2026
Merged

Chore/remaining dependency updates#920
ybezsonov merged 2 commits into
mainfrom
chore/remaining-dependency-updates

Conversation

@ybezsonov

Copy link
Copy Markdown
Contributor

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Yuriy Bezsonov added 2 commits July 2, 2026 09:35
jackson-databind 2.22.0 is affected by GHSA-5jmj-h7xm-6q6v (case-
insensitive deserialization bypasses per-property @JsonIgnoreProperties)
and no patched 2.22.x release exists yet. Downgrade to 2.21.4, the
highest release outside the vulnerable range.
The authorization server ships a vendored artifact pom under
META-INF/ that is dependency metadata, not a buildable module.
Exclude it from Maven scans so Dependabot stops opening noise PRs
against it.
@ybezsonov ybezsonov merged commit c9660e3 into main Jul 2, 2026
49 checks passed
@ybezsonov ybezsonov deleted the chore/remaining-dependency-updates branch July 2, 2026 08:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant