[Bug]: Vulnerability analysis reports com.fasterxml.jackson.core:jackson-core:2.19.2 with GHSA-72hv-8253-57qq

[makerMcl]

What happened?

my IDE reports that dependency maven:com.fasterxml.jackson.core:jackson-core:2.19.2 is vulnerable for GHSA-72hv-8253-57qq, Score: 7.5:
dependency maven:com.fasterxml.jackson.core:jackson-core:2.19.2 is vulnerable.
There is an updated version of jackson-core, update to unaffected version 2.21.1

Version

v0.13.1

Programming Languages

• plc4c
• plc4go
• plc4j
• plc4net
• plc4py

Protocols

• AB-Ethernet
• ADS /AMS
• BACnet/IP
• C-Bus
• CANopen
• EtherNet/IP
• Firmata
• IEC-69870
• KNXnet/IP
• Modbus
• OPC-UA
• Profinet
• S7
• S7-light

[chrisdutz]

Hehe ... they are usually updated by @sruehl ... he's the dependency-bumper here ;-) Had those reports in my re-implementation too. But as everything related to jackson is pure unit-test code (I think) it's not really serious. I think we only use Jackson for running the XML ParserSerializer tests and the XML DriverTestsuite tests.