From 09832173f47f9a0b1ce2a4805dfed4a7fec8d385 Mon Sep 17 00:00:00 2001
From: "cfieber@netflix.com" <cfieber@netflix.com>
Date: Tue, 3 Sep 2019 13:21:19 -0700
Subject: [PATCH] fix(vuln): upgrade jackson for CVE remediation

the updated bom bumps jackson-databind from 2.9.9 -> 2.9.9.3

see https://github.com/FasterXML/jackson-databind/issues/2387
---
 spinnaker-dependencies/spinnaker-dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spinnaker-dependencies/spinnaker-dependencies.gradle b/spinnaker-dependencies/spinnaker-dependencies.gradle
index 12aac4579..8524e51d6 100644
--- a/spinnaker-dependencies/spinnaker-dependencies.gradle
+++ b/spinnaker-dependencies/spinnaker-dependencies.gradle
@@ -50,7 +50,7 @@ dependencies {
   api(platform("org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.0"))
   api(platform("org.jetbrains.kotlin:kotlin-bom:1.3.50"))
   api(platform("org.junit:junit-bom:5.5.1"))
-  api(platform("com.fasterxml.jackson:jackson-bom:2.9.9"))
+  api(platform("com.fasterxml.jackson:jackson-bom:2.9.9.20190807"))
   api(platform("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}"))
   api(platform("org.springframework.cloud:spring-cloud-dependencies:${versions.springCloud}"))
   api(platform("com.amazonaws:aws-java-sdk-bom:${versions.aws}"))