From 86d95396aba006bc5263857192e09f6bc3319d6c Mon Sep 17 00:00:00 2001 From: Avinash Bharti <90600575+avinash-bharti@users.noreply.github.com> Date: Thu, 16 Apr 2026 19:14:55 +0530 Subject: [PATCH 1/2] fix(security): bump jackson.version from 2.15.2 to 2.18.6 [APS-18063] - Update jackson-core and jackson-databind to 2.18.6 to fix GHSA-72hv-8253-57qq (Number Length Constraint Bypass in Async Parser) - Existing Dependabot PR #76 bumps only to 2.18.2 which is still vulnerable - Fix version is 2.18.6 per the GitHub advisory Resolves: APS-18063 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 27f7685..f80323c 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,7 @@ - 2.15.2 + 2.18.6 4.13.2 UTF-8 1.8 From 62873dd56a1c8f3f56a569b18da23a4e2bde0210 Mon Sep 17 00:00:00 2001 From: avinash-bharti Date: Tue, 21 Apr 2026 12:01:36 +0530 Subject: [PATCH 2/2] CI trigger
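Review bot: The changed property line in the pom.xml hunk at -34,7 moves Jackson across three minor releases (2.15.2 to 2.18.6), and nothing in the patch shows that the resolved dependency tree was checked afterwards. The commit message names only jackson-core and jackson-databind, so confirm that every other Jackson artifact in the build (jackson-annotations and any Jackson modules pulled in transitively) resolves to a matching 2.18.x version, for example with mvn dependency:tree -Dincludes=com.fasterxml.jackson.core, and consider importing jackson-bom so the versions stay pinned together. The neighbouring 1.8 context line looks like a Java 8 source/target setting; if so, run the test suite on that JDK against 2.18.6 before merging. PATCH 2/2 ("CI trigger") shows no file change here and should be dropped or squashed so it does not land in history.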