There is a vulnerability in jackson-databind:2.10.1,upgrade recommended

[QiAnXinCodeSafe]

kotlinx.html/build.gradle.kts

Line 204 in 3466e6f

implementation("com.fasterxml.jackson.core:jackson-databind:2.10.1")

CVE-2020-25649 CVE-2022-42004 CVE-2022-42003 CVE-2020-36518

Recommended upgrade version：2.12.7.1

[severn-everett]

Is this dependency necessary? I couldn't find any references to Jackson in the code and was able to execute the tests in jvmTest successfully with the Jackson dependencies removed in my PR.

[severn-everett]

The dependency has been removed in this commit. @e5l who would be able to close this issue?

[e5l]

Thanks, closed