Commit b1932a3
fix(deps): add constraint for Jackson Core 3.x to address GHSA-2m67-wjpj-xhg9
Add dependency constraint to ensure Jackson Core 3.x uses version 3.1.1 or later
if pulled in as transitive dependency. This fixes a high severity vulnerability
where Jackson Core 3.0.0-3.1.0 does not consistently enforce maxDocumentLength
constraint, which could allow DoS attacks.
Resolves dependabot alert #41
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>1 parent 74d0c84 commit b1932a3
1 file changed
+6
-0
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
16 | 22 | | |
17 | 23 | | |
18 | 24 | | |
| |||
0 commit comments