Merged requested to merge upgrade-jackson-databind into master
This MR upgrades the Jackson Databind version to address CVE-2020-36518.
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).
Dependency Information After the Upgrade
Branch: upgrade-jackson-databind SHA: d2923b9f8aff20fcbed4af1652074ff529c50ec3 Maven: 0.16.0-SNAPSHOT
|(3rd Party) com.fasterxml.jackson.core.jackson-databind||184.108.40.206|