Recommended update for jackson

Announcement ID:	SUSE-RU-2024:1764-2
Rating:	moderate
References:
Affected Products:	openSUSE Leap 15.6

An update that can now be installed.

Description:

This update for jackson fixes the following issues:

jackson-annotations was upgraded to version 2.16.1:

Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling
Allow per-type configuration of strict type id handling
Added JsonTypeInfo.Value object (backport from 3.0)
Added new JsonTypeInfo.Id.SIMPLE_NAME

jackson-bom was upgraded to version 2.16.1:

Added dependency for jackson-module-android-record. This new module offers support for Record type on Android platform, where Java records are supported through "de-sugaring"

jackson-core was upgraded to version 2.16.1:

NPE in Version.equals() if snapshot-info null
NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()"
JsonPointer.append(JsonPointer.tail()) includes the original pointer
Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16
Improve error message for StreamReadConstraints violations
JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES
Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest
Allow all array elements in JsonPointerBasedFilter
Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation
Start using AssertJ in unit tests
Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON)
Add configurable limit for the maximum number of bytes/chars of content to parse before failing
Add configurable limit for the maximum length of Object property names to parse before failing
Add configurable processing limits for JSON generator (StreamWriteConstraints)
Compare _snapshotInfo in Version
Add JsonGeneratorDecorator to allow decorating JsonGenerators
Add full set of BufferRecyclerPool implementations
Add configurable error report behavior via ErrorReportConfiguration
Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs
Allow pluggable buffer recycling via new RecyclerPool extension point
Change parsing error message to mention -INF

jackson-databind was upgraded to version 2.16.1:

JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument
Primitive array deserializer not being captured by DeserializerModifier
JsonNode.findValues() and findParents() missing expected values in 2.16.0
Incorrect deserialization for BigDecimal numbers
Add a way to configure caches Jackson uses
Mix-ins do not work for Enums
Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in combination with @JsonSubTypes
Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY
Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double
@JsonIgnoreProperties not working with @JsonValue
Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing
Difference in the handling of ObjectId-property inJsonIdentityInfo depending on the deserialization route
Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling
Fixed regression in 2.15.0 that reaks deserialization for records when mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
Incorrect target type when disabling coercion, trying to deserialize String from Array/Object
@JsonProperty on constructor parameter changes default field serialization order
Create new JavaType subtype IterationType (extending SimpleType)
Use JsonTypeInfo.Value for annotation handling
Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization (for Canonical JSON)
Optimize ObjectNode findValue(s) and findParent(s) fast paths
Locale "" is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled
Add guardrail setting for TypeParser handling of type parameters
Use @JsonProperty for Enum values also when READ_ENUMS USING_TO_STRING enabled
Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used
Use @JsonProperty and lowercase feature when serializing Enums despite using toString()
Use @JsonProperty over EnumNamingStrategy for Enum serialization
Actually cache EnumValues#internalMap
ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE
Provide the "ObjectMapper.treeToValue(TreeNode, TypeReference)" method
Expose NativeImageUtil.isRunningInNativeImage() method
Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName()
Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors
java.desktop module is no longer optional
ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with JDK 17+
Support sequenced collections (JDK 21)
Add withObjectProperty(String), withArrayProperty(String) in JsonNode
Change JsonNode.withObject(String) to work similar to withArray() wrt argument
Log WARN if deprecated subclasses of PropertyNamingStrategy is used
NPE when transforming a tree to a model class object, at ArrayNode.elements()
Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type)
Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums
Do not rewind position when serializing direct ByteBuffer
Exception when deserialization of private record with default constructor
BeanDeserializer updates currentValue incorrectly when deserialising empty Object

jackson-dataformats-binary was upgraded to version 2.16.1:

(ion) NullPointerException in IonParser.nextToken()
(smile) Remove Smile-specific buffer-recycling

jackson-modules-base was upgraded to version 2.16.1:

(afterburner) Disable when running in native-image
(afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set implementations
(blackbird) BlackBird proxy object error in Java 17
(blackbird) Disable when running in native-image
(guice) Add guice7 (jakarta.inject) module

jackson-parent was upgraded to version 2.16:

Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin)

jackson-parent, fasterxml-oss-parent:

Added to SUSE Manager 4.3 as it is needed by jackson-modules-base

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1764=1

Package List:

openSUSE Leap 15.6 (noarch)
- jackson-module-mrbean-2.16.1-150200.5.11.1
- jackson-annotations-javadoc-2.16.1-150200.3.14.4
- jackson-dataformat-cbor-2.16.1-150200.3.13.6
- jackson-core-2.16.1-150200.3.14.7
- jackson-dataformats-binary-javadoc-2.16.1-150200.3.13.6
- jackson-dataformats-binary-2.16.1-150200.3.13.6
- jackson-module-paranamer-2.16.1-150200.5.11.1
- jackson-module-jaxb-annotations-2.16.1-150200.5.11.1
- jackson-modules-base-2.16.1-150200.5.11.1
- fasterxml-oss-parent-38-150200.3.2.1
- jackson-modules-base-javadoc-2.16.1-150200.5.11.1
- jackson-module-no-ctor-deser-2.16.1-150200.5.11.1
- jackson-core-javadoc-2.16.1-150200.3.14.7
- jackson-bom-2.16.1-150200.3.11.1
- jackson-dataformat-smile-2.16.1-150200.3.13.6
- jackson-module-guice-2.16.1-150200.5.11.1
- jackson-module-blackbird-2.16.1-150200.5.11.1
- jackson-parent-2.16-150200.3.10.1
- jackson-databind-2.16.1-150200.3.18.1
- jackson-databind-javadoc-2.16.1-150200.3.18.1
- jackson-module-osgi-2.16.1-150200.5.11.1
- jackson-annotations-2.16.1-150200.3.14.4
- jackson-module-afterburner-2.16.1-150200.5.11.1