This MR upgrades the Jackson Databind version to address CVE-2020-36518.
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).
Dependency Information After the Upgrade
Branch: upgrade-jackson-databind SHA: 7cde780c48d07eec1131a99fa4859c4af3df6b58 Maven: 0.16.0-SNAPSHOT
|(3rd Party) com.fasterxml.jackson.core.jackson-databind||18.104.22.168|