[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.5 to 2.12.3

[snyk-bot]

Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.5 to 2.12.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 38 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2021-04-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	630/1000 Why? Has a fix available, CVSS 8.1	Mature
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	630/1000 Why? Has a fix available, CVSS 8.1	Mature
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	630/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	630/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[pull-request-quantifier-deprecated]

This PR has 4 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +2 -2
Percentile : 1.6%

Total files changed: 1

Change summary by file extension:
.xml : +2 -2

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.