com.fasterxml.jackson.core 2.9.9 has a vulnerability
Created by: muffato
Use case
See https://github.com/Ensembl/ensembl-hive/network/alert/wrappers/java/pom.xml/com.fasterxml.jackson.core:jackson-databind/open and https://nvd.nist.gov/vuln/detail/CVE-2019-12814 for a description of the vulnerability. I'm not aware of anyone using Java and eHive (I'm only aware of plans to do so) but I thought. Let's patch this and make GitHub happy.
Description
Just bumped to 2.9.9.1. I don't want to define to an open interval as this is version/2.5, which shouldn't get any significant changes, and upstream may break the interface in a 3.* version.
Possible Drawbacks
2.9.9.1 seems compatible, so I can't see any drawbacks
Testing
Have you added/modified unit tests to test the changes?
Nothing to change.
Have you run the entire test suite and no regression was detected?
Yes. OK