Bump com.fasterxml.jackson.core:jackson-databind from 2.13.4.1 to 2.22.0#11
Conversation
Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.13.4.1 to 2.22.0. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.22.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
PR Reviewer Guide 🔍在 pom.xml 中新增 jackson-databind 依赖 本 PR 在 pom.xml 中新增了 jackson-databind 依赖。但所指定的版本 2.22.0 并不存在,且与已声明的 jackson-annotations 2.13.5 版本不一致,需修正版本以保证构建可用与模块兼容。 Changes Walkthrough
Findings Summary
Key issues to review: jackson-databind 版本不存在 —
|
PR Code Suggestions ✨Possible bug
🤖 Scanner |
| @@ -50,7 +50,7 @@ | |||
| <dependency> | |||
| <groupId>com.fasterxml.jackson.core</groupId> | |||
There was a problem hiding this comment.
🟠 jackson-databind 2.22.0 版本不存在,会导致依赖解析失败 · 📎 pom.xml:51-55
本次变更新增的 jackson-databind 依赖指定版本为 2.22.0。Jackson 2.x 系列目前并不存在 2.22.0 这一发布版本(截至当前最新为 2.1x 系列)。该坐标无法从中央仓库解析,会直接导致 Maven 构建失败。此外该版本与下方已声明的 jackson-annotations 2.13.5 存在严重的版本错配,Jackson 各模块(databind/annotations/core)应保持同一版本线,混用极易引发运行时 NoSuchMethodError/不兼容问题。建议统一为一个真实存在且彼此匹配的版本。
Suggestion: 将 jackson-databind 改为真实存在且与 jackson-annotations 一致的版本,并保持 Jackson 各模块版本统一(建议同时升级 annotations)。
| <groupId>com.fasterxml.jackson.core</groupId> | |
| <dependency> | |
| <groupId>com.fasterxml.jackson.core</groupId> | |
| <artifactId>jackson-databind</artifactId> | |
| <version>2.13.5</version> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.apache.commons</groupId> |
🤖 Scanner
Bumps com.fasterxml.jackson.core:jackson-databind from 2.13.4.1 to 2.22.0.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.