Upgrade jackson version in dependencies-bom

Upgrade jackson to 2.11.4, the same version used by springboot 2.3.8.RELEASE which is the version currently used in ccsdk/parent's springboot pom.
This is intended to fix the following security vulnerability:

Component(displayName=com.fasterxml.jackson.core : jackson-databind : 2.10.1, hash=18eee15ffc662d27538d) [
Constraint(Critical security vulnerability)
[Security Vulnerability Severity >= 7 because: Found security vulnerability CVE-2020-25649 with severity >= 7 (severity = 7.5)] ]]

Change-Id: I0d1727296ac3c3227e5e5666a796b08a63a61aaa
Issue-ID: CCSDK-3108
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>

diff --git a/dependencies-bom/pom.xml b/dependencies-bom/pom.xml
index 48be278..b084817 100644 (file)
--- a/dependencies-bom/pom.xml
+++ b/dependencies-bom/pom.xml
@@ -44,7 +44,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
-                <version>2.10.1</version>
+                <version>2.11.4</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>