update jackson dependencies to use bom (#11353)

Switching to the bom dependency declaration simplifies managing jackson dependencies. It also removes the need to override individual library versions for CVE fixes, since the bom takes care of that internally. This change aligns our jackson dependency versions on 2.10.5(.x): - updates jackson libraries from 2.10.2 to 2.10.5 - jackson-databind remains at 2.10.5.1 as defined in the bom Release notes: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10
2025-03-06 09:19:44 +00:00 · 2021-06-16 18:37:30 -07:00 · 2021-06-16 18:37:30 -07:00 · a1c20d7457
commit a1c20d7457
parent 712f2a5d00
8 changed files with 6 additions and 80 deletions
--- a/cloud/gcp-common/pom.xml
+++ b/cloud/gcp-common/pom.xml
@ -63,7 +63,6 @@
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>com.google.http-client</groupId>
--- a/extensions-contrib/aliyun-oss-extensions/pom.xml
+++ b/extensions-contrib/aliyun-oss-extensions/pom.xml
@ -48,7 +48,6 @@
        <dependency>
            <groupId>com.fasterxml.jackson.module</groupId>
            <artifactId>jackson-module-guice</artifactId>
-            <version>${jackson.version}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
--- a/extensions-contrib/cloudfiles-extensions/pom.xml
+++ b/extensions-contrib/cloudfiles-extensions/pom.xml
@ -146,17 +146,6 @@
        <dependency>
            <groupId>com.fasterxml.jackson.module</groupId>
            <artifactId>jackson-module-guice</artifactId>
-            <version>${jackson.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.fasterxml.jackson.core</groupId>
-                    <artifactId>jackson-databind</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.fasterxml.jackson.core</groupId>
-                    <artifactId>jackson-core</artifactId>
-                </exclusion>
-            </exclusions>
        </dependency>

        <!-- Tests -->
--- a/extensions-contrib/moving-average-query/pom.xml
+++ b/extensions-contrib/moving-average-query/pom.xml
@ -119,7 +119,6 @@
    <dependency>
      <groupId>com.fasterxml.jackson.dataformat</groupId>
      <artifactId>jackson-dataformat-yaml</artifactId>
-      <version>${jackson.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
--- a/extensions-core/azure-extensions/pom.xml
+++ b/extensions-core/azure-extensions/pom.xml
@ -67,7 +67,6 @@
        <dependency>
            <groupId>com.fasterxml.jackson.module</groupId>
            <artifactId>jackson-module-guice</artifactId>
-            <version>${jackson.version}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
--- a/extensions-core/s3-extensions/pom.xml
+++ b/extensions-core/s3-extensions/pom.xml
@ -54,7 +54,6 @@
    <dependency>
      <groupId>com.fasterxml.jackson.module</groupId>
      <artifactId>jackson-module-guice</artifactId>
-      <version>${jackson.version}</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
--- a/licenses.yaml
+++ b/licenses.yaml
@ -244,7 +244,7 @@ name: Jackson
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 2.10.2
+version: 2.10.5
 libraries:
  - com.fasterxml.jackson.core: jackson-annotations
  - com.fasterxml.jackson.core: jackson-core
--- a/pom.xml
+++ b/pom.xml
@ -94,8 +94,7 @@
        <hamcrest.version>1.3</hamcrest.version>
        <jetty.version>9.4.40.v20210413</jetty.version>
        <jersey.version>1.19.3</jersey.version>
-        <jackson.version>2.10.2</jackson.version>
-        <jackson.databind.version>2.10.5.1</jackson.databind.version>
+        <jackson.version>2.10.5.20201202</jackson.version>
        <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
        <log4j.version>2.8.2</log4j.version>
        <mysql.version>5.1.48</mysql.version>
@ -449,53 +448,11 @@
                <version>1.3.3-1</version>
            </dependency>
            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-annotations</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-core</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-databind</artifactId>
-                <version>${jackson.databind.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.datatype</groupId>
-                <artifactId>jackson-datatype-guava</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.datatype</groupId>
-                <artifactId>jackson-datatype-joda</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <!--
-                  ~ This is a transitive dependency of com.amazonaws:aws-java-sdk-core. Override the version here so
-                  ~ that it is the same as the other jackson dependencies.
-                  -->
-                <groupId>com.fasterxml.jackson.dataformat</groupId>
-                <artifactId>jackson-dataformat-cbor</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.dataformat</groupId>
-                <artifactId>jackson-dataformat-smile</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.jaxrs</groupId>
-                <artifactId>jackson-jaxrs-json-provider</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.jaxrs</groupId>
-                <artifactId>jackson-jaxrs-smile-provider</artifactId>
+                <groupId>com.fasterxml.jackson</groupId>
+                <artifactId>jackson-bom</artifactId>
                <version>${jackson.version}</version>
+                <scope>import</scope>
+                <type>pom</type>
            </dependency>
            <dependency>
                <groupId>org.hibernate</groupId>
@ -1210,21 +1167,6 @@
                    </exclusion>
                </exclusions>
            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.module</groupId>
-                <artifactId>jackson-module-guice</artifactId>
-                <version>${jackson.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>jackson-core</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>com.fasterxml.jackson.core</groupId>
-                        <artifactId>jackson-databind</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
            <dependency>
                <groupId>io.github.resilience4j</groupId>
                <artifactId>resilience4j-bulkhead</artifactId>