
22805: Upgrade Jackson version from 2.13.0 to 2.13.3 #22806

Merged 1 commit into apache:master on Aug 31, 2022

Conversation

perkss (Contributor) commented Aug 20, 2022

Fixes issue #22805

Upgrade Jackson version from vulnerable 2.13.0 to 2.13.3, as per Snyk.



codecov bot commented Aug 20, 2022

Codecov Report

Merging #22806 (4e5ff94) into master (f921a2f) will increase coverage by 0.06%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #22806      +/-   ##
==========================================
+ Coverage   74.09%   74.16%   +0.06%     
==========================================
  Files         712      712              
  Lines       93832    94116     +284     
==========================================
+ Hits        69524    69797     +273     
- Misses      23028    23039      +11     
  Partials     1280     1280              
Flag     Coverage Δ
python   83.57% <ø> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown.

Impacted Files    Coverage Δ
sdks/python/apache_beam/runners/direct/executor.py 96.46% <0.00%> (-0.55%) ⬇️
...s/python/apache_beam/examples/wordcount_minimal.py 92.59% <0.00%> (-0.27%) ⬇️
...ks/python/apache_beam/runners/worker/sdk_worker.py 88.94% <0.00%> (-0.16%) ⬇️
...hon/apache_beam/runners/worker/bundle_processor.py 93.54% <0.00%> (-0.13%) ⬇️
sdks/python/apache_beam/typehints/schemas.py 94.06% <0.00%> (-0.09%) ⬇️
sdks/python/apache_beam/portability/common_urns.py 100.00% <0.00%> (ø)
...pi/org/apache/beam/model/pipeline/v1/schema_pb2.py 100.00% <0.00%> (ø)
...g/apache/beam/model/pipeline/v1/schema_pb2_urns.py 100.00% <0.00%> (ø)
sdks/python/apache_beam/dataframe/io.py 89.32% <0.00%> (+0.05%) ⬆️
sdks/python/apache_beam/io/fileio.py 96.05% <0.00%> (+0.06%) ⬆️
... and 3 more


github-actions bot (Contributor) commented:

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @damccorm for label build.

Available commands:

  • stop reviewer notifications - opt out of the automated review tooling
  • remind me after tests pass - tag the comment author after tests pass
  • waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

perkss (Contributor, Author) commented Aug 20, 2022

@pabloem can you please check on this review?

github-actions bot (Contributor) commented:

Reminder, please take a look at this PR: @damccorm

damccorm (Contributor) commented:

retest this please

damccorm (Contributor) commented:

(talking to the bot to get it to rerun checks since there was a license issue causing problems ^)

damccorm (Contributor) commented:

@perkss looks like this is causing pulling licenses to fail with:

09:12:04 > Task :sdks:java:container:pullLicenses
09:12:04 ERROR:root:['jackson-bom-2.13.3']
09:12:04 ERROR:root:**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]
09:12:04 INFO:root:pull_licenses_java.py failed. It took 7.957456 seconds with 16 threads.
09:12:04 Traceback (most recent call last):
09:12:04   File "/home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/pull_licenses_java.py", line 326, in <module>
09:12:04     raise RuntimeError('{n} error(s) occurred.'.format(n=len(error_msg)),
09:12:04 RuntimeError: ('2 error(s) occurred.', ['**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]', '**************************************** License type of some dependencies were not identified. The license type is used to decide whether the source code of the dependency should be pulled or not. Please add "type" field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each dependency. Dependency List: [jackson-bom-2.13.3]'])

Could you take a look? Looks like we should just need to add a type field here -

perkss (Contributor, Author) commented Aug 29, 2022

Thanks, yes, I should have spotted this. Updated now.
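The two things this PR had to get right, the fixed-version floor from the Snyk report and the license metadata the pullLicenses task insists on, as an added Python example that is not Beam's code. The coordinates, floor version and metadata layout (keyed by artifact-version, requiring the "license" and "type" fields named in the error output above) are constructed for illustration and do not reproduce dep_urls_java.yaml.

```python
import re
from typing import Dict, List, Tuple

# Constructed: minimum versions a scanner such as Snyk reports as fixed.
MIN_SAFE_VERSIONS: Dict[str, str] = {"com.fasterxml.jackson:jackson-bom": "2.13.3"}
# Constructed: coordinate -> version as declared in a build file, before and after the bump.
DECLARED_BEFORE = {"com.fasterxml.jackson:jackson-bom": "2.13.0"}
DECLARED_AFTER = {"com.fasterxml.jackson:jackson-bom": "2.13.3"}
# Constructed: license metadata keyed "<artifact>-<version>". Only the required
# field names "license" and "type" come from the pullLicenses error in this PR;
# the layout is an assumption, not Beam's dep_urls_java.yaml.
LICENSE_METADATA: Dict[str, Dict[str, str]] = {
    "jackson-bom-2.13.0": {"license": "https://example.invalid/LICENSE", "type": "Apache License 2.0"},
    "jackson-bom-2.13.3": {"license": "https://example.invalid/LICENSE"},  # "type" not yet added
}
REQUIRED_FIELDS = ("license", "type")


def parse_version(version: str) -> Tuple[int, ...]:
    """Segment-wise numeric key: 2.13.10 > 2.13.3, and a pre-release suffix
    such as -rc1 (mapped to -1) sorts below the plain release (padded with 0)."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.-]", version)) + (0,)


def below_floor(declared: Dict[str, str]) -> List[str]:
    """Coordinates whose declared version is older than the known-fixed floor."""
    return [
        coord for coord, version in declared.items()
        if coord in MIN_SAFE_VERSIONS
        and parse_version(version) < parse_version(MIN_SAFE_VERSIONS[coord])
    ]


def missing_license_fields(declared: Dict[str, str],
                           metadata: Dict[str, Dict[str, str]] = LICENSE_METADATA) -> Dict[str, List[str]]:
    """Per artifact-version, the required license fields that are absent: the
    condition that made pullLicenses fail for jackson-bom-2.13.3 in this PR."""
    missing: Dict[str, List[str]] = {}
    for coord, version in declared.items():
        key = f"{coord.rsplit(':', 1)[-1]}-{version}"   # com.fasterxml.jackson:jackson-bom -> jackson-bom
        absent = [f for f in REQUIRED_FIELDS if f not in metadata.get(key, {})]
        if absent:
            missing[key] = absent
    return missing


if __name__ == "__main__":
    print(below_floor(DECLARED_BEFORE))            # ['com.fasterxml.jackson:jackson-bom']
    print(below_floor(DECLARED_AFTER))             # []
    print(missing_license_fields(DECLARED_AFTER))  # {'jackson-bom-2.13.3': ['type']}
```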

damccorm (Contributor) commented:

Run Typescript PreCommit

damccorm (Contributor) commented:

Run SQL PreCommit

damccorm (Contributor) commented:

Run Python PreCommit


damccorm (Contributor) left a review comment:

LGTM - thanks!

@damccorm damccorm merged commit 149ed07 into apache:master Aug 31, 2022
dedocibula pushed a commit to dedocibula/beam that referenced this pull request Sep 15, 2022
kkdoon pushed a commit to twitter-forks/beam that referenced this pull request Sep 29, 2022
cushon pushed a commit to cushon/beam that referenced this pull request Oct 17, 2022