From fda82d3ae1f5a4c84ebff57b4704b0350bfd244a Mon Sep 17 00:00:00 2001
From: Patrick Boos
Date: Fri, 10 Apr 2026 11:34:27 +0200
Subject: [PATCH] CHK-13321: override jackson-bom version to 3.1.1 for GHSA-2m67-wjpj-xhg9

The existing constraint in openapi-validation-core was not sufficient because the Spring Boot dependency management plugin overrides strict version constraints with the BOM-managed version (3.1.0). This adds ext['jackson-bom.version'] = '3.1.1' to the example projects that use the spring-dependency-management plugin, ensuring jackson-core resolves to the patched 3.1.1 version.
Closes CHK-13321
Co-Authored-By: Claude Opus 4.6
---
 examples/example-spring-boot-starter-web/build.gradle | 2 ++
 examples/example-spring-boot-starter-webflux/build.gradle | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/examples/example-spring-boot-starter-web/build.gradle b/examples/example-spring-boot-starter-web/build.gradle
index ffcca815..af2fa2aa 100644
--- a/examples/example-spring-boot-starter-web/build.gradle
+++ b/examples/example-spring-boot-starter-web/build.gradle
@@ -5,6 +5,8 @@ plugins {
 alias(libs.plugins.openapi.generator)
 }
 
+ext['jackson-bom.version'] = '3.1.1'
+
 dependencies {
 implementation project(':examples:examples-common')
 implementation project(':spring-boot-starter:spring-boot-starter-web')
diff --git a/examples/example-spring-boot-starter-webflux/build.gradle b/examples/example-spring-boot-starter-webflux/build.gradle
index 59eaef61..11643fb8 100644
--- a/examples/example-spring-boot-starter-webflux/build.gradle
+++ b/examples/example-spring-boot-starter-webflux/build.gradle
@@ -5,6 +5,8 @@ plugins {
 alias(libs.plugins.openapi.generator)
 }
 
+ext['jackson-bom.version'] = '3.1.1'
+
 dependencies {
 implementation project(':examples:examples-common')
 implementation project(':spring-boot-starter:spring-boot-starter-webflux')
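Review bot: The added `ext['jackson-bom.version'] = '3.1.1'` in examples/example-spring-boot-starter-web/build.gradle has no comment saying why the Boot-managed version is overridden, and the identical line in the webflux example has the same gap. An exact pin with no stated reason tends to outlive the advisory it was added for: once the Spring Boot BOM manages a Jackson release newer than 3.1.1, this property would hold the examples on the older one. I would put a comment directly above it in both files, for example `// Overrides Boot-managed jackson-bom (3.1.0) for GHSA-2m67-wjpj-xhg9; remove once Spring Boot manages >= 3.1.1`. Because the value is duplicated, defining it once in a shared Gradle property would stop the two examples from drifting apart. Checking the resolved jackson-core version with `dependencyInsight` would confirm that the override actually wins over the BOM.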