From b81fc0757495a99da94d677a3dd889f36b503307 Mon Sep 17 00:00:00 2001
From: David Pursehouse
Date: Thu, 31 Oct 2019 08:36:34 +0900
Subject: [PATCH] Upgrade jackson-core to 2.10.0

Includes a fix for CVE-2019-12384 [1] that affects versions prior to 2.9.9.1. Note that so far we only use Jackson in the Elasticsearch integration and we have a pending investigation of whether it's possible to remove this dependency [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2019-12384
[2] https://bugs.chromium.org/p/gerrit/issues/detail?id=11641
Change-Id: I3fa5993ab2d010c0a4b5a249112678a6318e9852
---
 WORKSPACE | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/WORKSPACE b/WORKSPACE
index 552cccec4b..800276edb8 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -924,8 +924,8 @@ maven_jar(
 maven_jar(
 name = "jackson-core",
- artifact = "com.fasterxml.jackson.core:jackson-core:2.9.8",
- sha1 = "0f5a654e4675769c716e5b387830d19b501ca191",
+ artifact = "com.fasterxml.jackson.core:jackson-core:2.10.0",
+ sha1 = "4e2c5fa04648ec9772c63e2101c53af6504e624e",
 )
 TESTCONTAINERS_VERSION = "1.12.3"
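Review bot: The new `artifact` line pins only `jackson-core`, but NVD records CVE-2019-12384 against jackson-databind (a polymorphic-deserialization issue), not the streaming `jackson-core` artifact, so this bump alone does not change exposure to that CVE. Whether the workspace declares jackson-databind, or receives it through the Elasticsearch client, is not visible in this hunk; if it does, that `maven_jar` needs its own pin at 2.9.9.1 or later. I would record the scope next to the rule, for example `# jackson-core only; CVE-2019-12384 is tracked against jackson-databind, check any databind pin separately`. The new `sha1` value should also be compared with the checksum published alongside the 2.10.0 artifact before merging.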