Recommended update for jackson

Announcement ID:	SUSE-RU-2024:1764-2
Rating:	moderate
References:
Affected Products:	openSUSE Leap 15.6

An update that can now be installed.

Description:

This update for jackson fixes the following issues:

jackson-annotations was upgraded to version 2.16.1:

• Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling
• Allow per-type configuration of strict type id handling
• Added JsonTypeInfo.Value object (backport from 3.0)
• Added new JsonTypeInfo.Id.SIMPLE_NAME

jackson-bom was upgraded to version 2.16.1:

• Added dependency for jackson-module-android-record. This new module offers support for Record type on Android platform, where Java records are supported through "de-sugaring"

jackson-core was upgraded to version 2.16.1:

• NPE in Version.equals() if snapshot-info null
• NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()"
• JsonPointer.append(JsonPointer.tail()) includes the original pointer
• Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16
• Improve error message for StreamReadConstraints violations
• JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES
• Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest
• Allow all array elements in JsonPointerBasedFilter
• Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation
• Start using AssertJ in unit tests
• Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON)
• Add configurable limit for the maximum number of bytes/chars of content to parse before failing
• Add configurable limit for the maximum length of Object property names to parse before failing
• Add configurable processing limits for JSON generator (StreamWriteConstraints)
• Compare _snapshotInfo in Version
• Add JsonGeneratorDecorator to allow decorating JsonGenerators
• Add full set of BufferRecyclerPool implementations
• Add configurable error report behavior via ErrorReportConfiguration
• Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs
• Allow pluggable buffer recycling via new RecyclerPool extension point
• Change parsing error message to mention -INF

jackson-databind was upgraded to version 2.16.1:

• JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument
• Primitive array deserializer not being captured by DeserializerModifier
• JsonNode.findValues() and findParents() missing expected values in 2.16.0
• Incorrect deserialization for BigDecimal numbers
• Add a way to configure caches Jackson uses
• Mix-ins do not work for Enums
• Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in combination with @JsonSubTypes
• Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY
• Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double
• @JsonIgnoreProperties not working with @JsonValue
• Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing
• Difference in the handling of ObjectId-property inJsonIdentityInfo depending on the deserialization route
• Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling
• Fixed regression in 2.15.0 that reaks deserialization for records when mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
• Incorrect target type when disabling coercion, trying to deserialize String from Array/Object
• @JsonProperty on constructor parameter changes default field serialization order
• Create new JavaType subtype IterationType (extending SimpleType)
• Use JsonTypeInfo.Value for annotation handling
• Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization (for Canonical JSON)
• Optimize ObjectNode findValue(s) and findParent(s) fast paths
• Locale "" is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled
• Add guardrail setting for TypeParser handling of type parameters
• Use @JsonProperty for Enum values also when READ_ENUMS USING_TO_STRING enabled
• Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used
• Use @JsonProperty and lowercase feature when serializing Enums despite using toString()
• Use @JsonProperty over EnumNamingStrategy for Enum serialization
• Actually cache EnumValues#internalMap
• ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE
• Provide the "ObjectMapper.treeToValue(TreeNode, TypeReference)" method
• Expose NativeImageUtil.isRunningInNativeImage() method
• Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName()
• Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors
• java.desktop module is no longer optional
• ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with JDK 17+
• Support sequenced collections (JDK 21)
• Add withObjectProperty(String), withArrayProperty(String) in JsonNode
• Change JsonNode.withObject(String) to work similar to withArray() wrt argument
• Log WARN if deprecated subclasses of PropertyNamingStrategy is used
• NPE when transforming a tree to a model class object, at ArrayNode.elements()
• Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type)
• Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums
• Do not rewind position when serializing direct ByteBuffer
• Exception when deserialization of private record with default constructor
• BeanDeserializer updates currentValue incorrectly when deserialising empty Object

jackson-dataformats-binary was upgraded to version 2.16.1:

• (ion) NullPointerException in IonParser.nextToken()
• (smile) Remove Smile-specific buffer-recycling

jackson-modules-base was upgraded to version 2.16.1:

• (afterburner) Disable when running in native-image
• (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set implementations
• (blackbird) BlackBird proxy object error in Java 17
• (blackbird) Disable when running in native-image
• (guice) Add guice7 (jakarta.inject) module

jackson-parent was upgraded to version 2.16:

• Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin)

jackson-parent, fasterxml-oss-parent:

• Added to SUSE Manager 4.3 as it is needed by jackson-modules-base

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-1764=1

Package List:

• openSUSE Leap 15.6 (noarch)
  • jackson-module-mrbean-2.16.1-150200.5.11.1
  • jackson-annotations-javadoc-2.16.1-150200.3.14.4
  • jackson-dataformat-cbor-2.16.1-150200.3.13.6
  • jackson-core-2.16.1-150200.3.14.7
  • jackson-dataformats-binary-javadoc-2.16.1-150200.3.13.6
  • jackson-dataformats-binary-2.16.1-150200.3.13.6
  • jackson-module-paranamer-2.16.1-150200.5.11.1
  • jackson-module-jaxb-annotations-2.16.1-150200.5.11.1
  • jackson-modules-base-2.16.1-150200.5.11.1
  • fasterxml-oss-parent-38-150200.3.2.1
  • jackson-modules-base-javadoc-2.16.1-150200.5.11.1
  • jackson-module-no-ctor-deser-2.16.1-150200.5.11.1
  • jackson-core-javadoc-2.16.1-150200.3.14.7
  • jackson-bom-2.16.1-150200.3.11.1
  • jackson-dataformat-smile-2.16.1-150200.3.13.6
  • jackson-module-guice-2.16.1-150200.5.11.1
  • jackson-module-blackbird-2.16.1-150200.5.11.1
  • jackson-parent-2.16-150200.3.10.1
  • jackson-databind-2.16.1-150200.3.18.1
  • jackson-databind-javadoc-2.16.1-150200.3.18.1
  • jackson-module-osgi-2.16.1-150200.5.11.1
  • jackson-annotations-2.16.1-150200.3.14.4
  • jackson-module-afterburner-2.16.1-150200.5.11.1