Revert "chore: update jackson (#238)" (#239)

This reverts commit e7b38f4.

build.gradle.kts

@@ -160,7 +160,7 @@ dependencies {
     testImplementation("com.github.marschall:memoryfilesystem:latest.release")
 
     // for generating properties migration configurations
-    testImplementation("com.fasterxml.jackson.core:jackson-databind:2.14.0")
+    testImplementation("com.fasterxml.jackson.core:jackson-databind:2.13.4")
     testImplementation("io.github.classgraph:classgraph:latest.release")
     testImplementation("org.openrewrite:rewrite-java-17:${rewriteVersion}")
     testImplementation("org.openrewrite.recipe:rewrite-migrate-java:${rewriteVersion}")

src/main/java/org/openrewrite/java/spring/AddSpringProperty.java

@@ -63,15 +63,15 @@ public class AddSpringProperty extends Recipe {
     @Option(displayName = "Optional list of file path matcher",
             description = "Each value in this list represents a glob expression that is used to match which files will " +
                           "be modified. If this value is not present, this recipe will query the execution context for " +
-                          "reasonable defaults. (\"**/application.yml\", \"**/application.yml\", and \"**/application.properties\"",
+                          "reasonable defaults. (\"**/application.yml\", \"**/application.yml\", and \"**/application.properties\".",
             required = false,
             example = "**/application.yml")
     @Nullable
     List<String> pathExpressions;
 
     @Override
     public String getDisplayName() {
-        return "Add a spring configuration property to a configuration file if it does not already exist in that file.";
+        return "Add a spring configuration property to a configuration file if it does not already exist in that file";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/ChangeSpringPropertyKey.java

@@ -36,7 +36,7 @@ public class ChangeSpringPropertyKey extends Recipe {
 
     @Override
     public String getDisplayName() {
-        return "Change the key of a spring application property.";
+        return "Change the key of a spring application property";
     }
 
     @Option(displayName = "Old property key",

src/main/java/org/openrewrite/java/spring/DeleteSpringProperty.java

@@ -38,7 +38,7 @@ public class DeleteSpringProperty extends Recipe {
 
     @Override
     public String getDisplayName() {
-        return "Delete a spring configuration property from any configuration files that contains a matching key.";
+        return "Delete a spring configuration property from any configuration files that contains a matching key";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/YamlPropertiesToKebabCase.java

@@ -37,7 +37,7 @@ public String getDescription() {
                 "With [Spring's relaxed binding](https://docs.spring.io/spring-boot/docs/2.5.6/reference/html/features.html#features.external-config.typesafe-configuration-properties.relaxed-binding), " +
                 "`kebab-case` may be used in properties files and still be converted to configuration beans. " +
                 "Note, an exception to this is the case of `@Value`, which is match-sensitive. For example, `@Value(\"${anExampleValue}\")` will not match `an-example-value`. " +
-                "[The Spring reference documentation recommends using `kebab-case` for properties where possible.](https://docs.spring.io/spring-boot/docs/2.5.6/reference/html/features.html#features.external-config.typesafe-configuration-properties.relaxed-binding)";
+                "[The Spring reference documentation recommends using `kebab-case` for properties where possible.](https://docs.spring.io/spring-boot/docs/2.5.6/reference/html/features.html#features.external-config.typesafe-configuration-properties.relaxed-binding) .";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/boot2/DatabaseComponentAndBeanInitializationOrdering.java

@@ -41,7 +41,7 @@ public class DatabaseComponentAndBeanInitializationOrdering extends Recipe {
 
     @Override
     public String getDisplayName() {
-        return "Adds @DependsOnDatabaseInitialization to Spring Beans and Components depending on javax.sql.DataSource.";
+        return "Adds @DependsOnDatabaseInitialization to Spring Beans and Components depending on javax.sql.DataSource";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/boot2/MigrateActuatorMediaTypeToApiVersion.java

@@ -33,7 +33,7 @@ public String getDisplayName() {
 
     @Override
     public String getDescription() {
-        return "Spring-Boot-Actuator `ActuatorMediaType` was deprecated in 2.5 in favor of `ApiVersion#getProducedMimeType()`. Replace `MediaType.parseMediaType(ActuatorMediaType.Vx_JSON)` with `MediaType.asMediaType(ApiVersion.Vx.getProducedMimeType())`";
+        return "Spring-Boot-Actuator `ActuatorMediaType` was deprecated in 2.5 in favor of `ApiVersion#getProducedMimeType()`. Replace `MediaType.parseMediaType(ActuatorMediaType.Vx_JSON)` with `MediaType.asMediaType(ApiVersion.Vx.getProducedMimeType())`.";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/boot2/MigrateDatabaseCredentials.java

@@ -35,7 +35,7 @@ public class MigrateDatabaseCredentials extends Recipe {
 
     @Override
     public String getDisplayName() {
-        return "Migrate flyway and liquibase credentials.";
+        return "Migrate flyway and liquibase credentials";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/boot3/PreciseBeanType.java

@@ -38,7 +38,7 @@ public String getDisplayName() {
 
     @Override
     public String getDescription() {
-        return "Replace Bean method return types with concrete types being returned. This is required for Spring 6 AOT";
+        return "Replace Bean method return types with concrete types being returned. This is required for Spring 6 AOT.";
     }
 
     @Override

src/main/java/org/openrewrite/java/spring/framework/MigrateWebMvcConfigurerAdapter.java

@@ -31,7 +31,7 @@
 public class MigrateWebMvcConfigurerAdapter extends Recipe {
     @Override
     public String getDisplayName() {
-        return "Transform classes that extend `WebMvcConfigurerAdapter` to implement the `WebMvcConfigurer` interface instead.";
+        return "Transform classes that extend `WebMvcConfigurerAdapter` to implement the `WebMvcConfigurer` interface instead";
     }
 
     @Override

src/main/java/org/openrewrite/maven/spring/UpgradeExplicitSpringBootDependencies.java

@@ -68,7 +68,7 @@ public String getDisplayName() {
 
     @Override
     public String getDescription() {
-        return "Upgrades un-managed spring-boot project dependencies according to the specified spring-boot version";
+        return "Upgrades un-managed spring-boot project dependencies according to the specified spring-boot version.";
     }
 
     private synchronized void buildDependencyMap() throws MavenDownloadingException {

suppressions.xml

@@ -1,3 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2022-11-12Z">
+        <notes><![CDATA[
+            file name: jackson-databind-2.13.4.jar
+            sev:HIGH
+            In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+        <cve>CVE-2022-42003</cve>
+    </suppress>
 </suppressions>