CHK-13321: override jackson-bom version to 3.1.1 for GHSA-2m67-wjpj-xhg9

pboos · claude · pboos · commit fda82d3ae1f5 · 2026-04-10T11:34:27.000+02:00
The existing constraint in openapi-validation-core was not sufficient
because the Spring Boot dependency management plugin overrides strict
version constraints with the BOM-managed version (3.1.0). This adds
ext['jackson-bom.version'] = '3.1.1' to the example projects that use
the spring-dependency-management plugin, ensuring jackson-core resolves
to the patched 3.1.1 version.

Closes CHK-13321

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/examples/example-spring-boot-starter-web/build.gradle b/examples/example-spring-boot-starter-web/build.gradle
@@ -5,6 +5,8 @@ plugins {
     alias(libs.plugins.openapi.generator)
 }
 
+ext['jackson-bom.version'] = '3.1.1'
+
 dependencies {
     implementation project(':examples:examples-common')
     implementation project(':spring-boot-starter:spring-boot-starter-web')
diff --git a/examples/example-spring-boot-starter-webflux/build.gradle b/examples/example-spring-boot-starter-webflux/build.gradle
@@ -5,6 +5,8 @@ plugins {
     alias(libs.plugins.openapi.generator)
 }
 
+ext['jackson-bom.version'] = '3.1.1'
+
 dependencies {
     implementation project(':examples:examples-common')
     implementation project(':spring-boot-starter:spring-boot-starter-webflux')

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@ plugins {`
`5`	`5`	`alias(libs.plugins.openapi.generator)`
`6`	`6`	`}`
`7`	`7`
	`8`	`+ext['jackson-bom.version'] = '3.1.1'`
	`9`	`+`
`8`	`10`	`dependencies {`
`9`	`11`	`implementation project(':examples:examples-common')`
`10`	`12`	`implementation project(':spring-boot-starter:spring-boot-starter-web')`