You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/05/22 21:12:31 UTC

[GitHub] [spark] dongjoon-hyun commented on a diff in pull request #36627: [SPARK-39250][BUILD] Upgrade Jackson to 2.13.3

dongjoon-hyun commented on code in PR #36627:
URL: https://github.com/apache/spark/pull/36627#discussion_r878926439


##########
pom.xml:
##########
@@ -170,8 +170,8 @@
     <!-- for now, not running scalafmt as part of default verify pipeline -->
     <scalafmt.skip>true</scalafmt.skip>
     <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
-    <fasterxml.jackson.version>2.13.2</fasterxml.jackson.version>
-    <fasterxml.jackson.databind.version>2.13.2.1</fasterxml.jackson.databind.version>
+    <fasterxml.jackson.version>2.13.3</fasterxml.jackson.version>
+    <fasterxml.jackson.databind.version>2.13.3</fasterxml.jackson.databind.version>

Review Comment:
   If you look at the history, SPARK-38665 is not the only one did that. `databind` is frequently separated and merged back repeatedly. :) That's the reason why I decided not to remote that property back in this PR. 
   
   ```
   [SPARK-38665][BUILD] Upgrade jackson due to CVE-2020-36518
   [SPARK-33695][BUILD] Upgrade to jackson to 2.10.5 and jackson-databind to 2.10.5.1
   [SPARK-28728][BUILD] Bump Jackson Databind to 2.9.9.3
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org