From 1cf328851f18d9c5387761734b0faf10eec70635 Mon Sep 17 00:00:00 2001
From: aureliony <39163684+aureliony@users.noreply.github.com>
Date: Sun, 28 Jul 2024 03:06:14 +0800
Subject: [PATCH] Update Jackson dependencies to latest version (v2.17.2)

jackson-databind v2.7.0 and jackson-datatype-jsr310 v2.7.4 are severely outdated, and have critical security vulnerabilities. However, newer versions of the library serialize relative paths as absolute, causing tests to fail when updating the dependencies. This is fixed by modifying the ObjectMapper to use ToStringSerializer for the Path class, which serializes relative paths correctly. Let's update the Jackson dependencies to the latest version (v2.17.2) to resolve the security vulnerabilities and remove the IntelliJ warning.
---
 build.gradle | 4 ++--
 src/main/java/seedu/address/commons/util/JsonUtil.java | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index 0db37435..4911ff05 100644
--- a/build.gradle
+++ b/build.gradle
@@ -57,8 +57,8 @@ dependencies {
 implementation group: 'org.openjfx', name: 'javafx-graphics', version: javaFxVersion, classifier: 'mac'
 implementation group: 'org.openjfx', name: 'javafx-graphics', version: javaFxVersion, classifier: 'linux'
- implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.7.0'
- implementation group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: '2.7.4'
+ implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.17.2'
+ implementation group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: '2.17.2'
 testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: jUnitVersion
diff --git a/src/main/java/seedu/address/commons/util/JsonUtil.java b/src/main/java/seedu/address/commons/util/JsonUtil.java
index 100cb16c..abdbc7f3 100644
--- a/src/main/java/seedu/address/commons/util/JsonUtil.java
+++ b/src/main/java/seedu/address/commons/util/JsonUtil.java
@@ -37,7 +37,8 @@ public class JsonUtil {
 .setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY)
 .registerModule(new SimpleModule("SimpleModule")
 .addSerializer(Level.class, new ToStringSerializer())
- .addDeserializer(Level.class, new LevelDeserializer(Level.class)));
+ .addDeserializer(Level.class, new LevelDeserializer(Level.class))
+ .addSerializer(Path.class, new ToStringSerializer()));
 static void serializeObjectToJsonFile(Path jsonFile, T objectToSerialize) throws IOException {
 FileUtil.writeToFile(jsonFile, toJsonString(objectToSerialize));
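Review bot: The added `.addSerializer(Path.class, new ToStringSerializer())` has no comment, so the reason for it exists only in the commit message and a later cleanup could remove it as redundant. I would put `// Newer Jackson versions write a relative Path as an absolute one; keep the toString() form so stored paths stay relative.` directly above that line. Unlike `Level`, `Path` gets a serializer but no matching deserializer, so reading presumably relies on Jackson's built-in Path handling accepting a plain path string; a round-trip test with a relative path would pin that across future upgrades. Because the file now holds the path verbatim, the code that reads it back should treat the value as user-editable input. The `objectMapper` initializer begins above the hunk and `serializeObjectToJsonFile` continues below it, so neither is fully visible here.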