Update Jackson dependencies to latest version (v2.17.2)
jackson-databind v2.7.0 and jackson-datatype-jsr310 v2.7.4 are severely
outdated, and have critical security vulnerabilities. However, newer
versions of the library serialize relative paths as absolute, causing
tests to fail when updating the dependencies. This is fixed by modifying
the ObjectMapper to use ToStringSerializer for the Path class, which
serializes relative paths correctly.

Let's update the Jackson dependencies to the latest version (v2.17.2) to
resolve the security vulnerabilities and remove the IntelliJ warning.
aureliony committed Jul 27, 2024
1 parent 934f740 commit 1cf3288
Showing 2 changed files with 4 additions and 3 deletions.
4 changes: 2 additions & 2 deletions build.gradle
Expand Up @@ -57,8 +57,8 @@ dependencies {
implementation group: 'org.openjfx', name: 'javafx-graphics', version: javaFxVersion, classifier: 'mac'
implementation group: 'org.openjfx', name: 'javafx-graphics', version: javaFxVersion, classifier: 'linux'

implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.7.0'
implementation group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: '2.7.4'
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.17.2'
implementation group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: '2.17.2'

testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: jUnitVersion
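
Review bot: The version literal '2.17.2' is repeated on both new Jackson lines, while the neighbouring JavaFX and JUnit dependencies in this block take theirs from a variable (javaFxVersion, jUnitVersion). The two removed lines show how the artifacts drifted apart before (2.7.0 for jackson-databind, 2.7.4 for jackson-datatype-jsr310). Consider defining a single jacksonVersion variable next to the existing ones and using `version: jacksonVersion` for both entries, so the next security bump is a one-line change and the two artifacts stay on the same release.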

3 changes: 2 additions & 1 deletion src/main/java/seedu/address/commons/util/JsonUtil.java
Expand Up @@ -37,7 +37,8 @@ public class JsonUtil {
.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY)
.registerModule(new SimpleModule("SimpleModule")
.addSerializer(Level.class, new ToStringSerializer())
.addDeserializer(Level.class, new LevelDeserializer(Level.class)));
.addDeserializer(Level.class, new LevelDeserializer(Level.class))
.addSerializer(Path.class, new ToStringSerializer()));

static <T> void serializeObjectToJsonFile(Path jsonFile, T objectToSerialize) throws IOException {
FileUtil.writeToFile(jsonFile, toJsonString(objectToSerialize));
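
Review bot: The added `.addSerializer(Path.class, new ToStringSerializer())` has no matching deserializer, unlike Level two lines above, which registers both directions. Reading a Path back therefore depends on Jackson's default handling of the string this serializer writes. Please add a round-trip test that serializes a relative Path and deserializes it to an equal value, so a future Jackson upgrade cannot silently change one side. A short comment above the new line saying why Path needs an explicit serializer (newer Jackson versions write relative paths as absolute, per the commit message) would also help, since nothing in the code explains it.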