fix(security): bump jackson-databind to 2.18.8#160
Open
alexgomezlf wants to merge 7 commits into
Open
Conversation
…54512 and CVE-2026-54513 Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…tion can post check runs Default GITHUB_TOKEN permissions are read-only, so EnricoMi/publish-unit-test-result-action was failing with 403 Resource not accessible by integration on every PR. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…R comment checks:write alone got the check runs created, but the action's default comment_mode also posts/updates a PR comment, which needs pull-requests:write. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Contributor
Contributor
integration-test-results-cloud77 tests ±0 74 ✅ +1 3m 23s ⏱️ -51s For more details on these failures and errors, see this check. Results for commit 030ca55. ± Comparison against base commit 50913c6. ♻️ This comment has been updated with latest results. |
…lder Access denied errors trace back to the service principal not having access to whatever repo DEV_CA_PUBLIC_USE_REPOSITORY_ID_2 points to (confirmed via RepositoriesClientTest.listRepositoriesWorks: listRepositories() succeeds but that repo ID isn't in the returned list). Trying REPOSITORY_ID_1 (used by the dotnet/JS clients) with a hardcoded folder ID to see what actually fails now that auth itself isn't the blocker. Not a real fix - just a diagnostic. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the shared
jackson-versionproperty from 2.18.2 to 2.18.8 to remediate two Veracode-flagged CVEs in jackson-databind:Both are fixed upstream in 2.18.8.
Note: the v1 branch has the same vulnerable pin but is out of scope here since the flagged Veracode build corresponds to v2.
Fixes #679086
Fixes #679087