From 3ee63c91c5a2de55fd142284b508cea32cb778b7 Mon Sep 17 00:00:00 2001
From: Adam Valenta <adam.valenta@h2o.ai>
Date: Mon, 22 Apr 2024 17:56:54 +0200
Subject: [PATCH] Fix PRISMA-2023-0067 in main.jar

---
 h2o-assemblies/main/build.gradle | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/h2o-assemblies/main/build.gradle b/h2o-assemblies/main/build.gradle
index 6231736b5867..32d4aff208de 100644
--- a/h2o-assemblies/main/build.gradle
+++ b/h2o-assemblies/main/build.gradle
@@ -55,8 +55,10 @@ dependencies {
     api "com.google.protobuf:protobuf-java:3.21.7"
 
     constraints {
-        api('com.fasterxml.jackson.core:jackson-databind:2.13.4.2') {
+        api('com.fasterxml.jackson.core:jackson-databind:2.16.1') {
             because 'Fixes CVE-2022-42003'
+            because 'Fixes PRISMA-2023-0067'
+            because 'Fixes CVE-2023-35116'
         }
         api('org.jetbrains.kotlin:kotlin-stdlib:1.6.21') {
             because 'Fixes CVE-2020-29582'
@@ -93,10 +95,6 @@ shadowJar {
   zip64 true
   mergeServiceFiles()
   classifier = ''
-  // CDH 5.3.0 provides joda-time v1.6 which is too old, shadow the library instead
-  if (!project.hasProperty("jacocoCoverage")) {
-    relocate 'org.joda.time', 'ai.h2o.org.joda.time'
-  }
   exclude 'META-INF/*.DSA'
   exclude 'META-INF/*.SF'
   exclude 'synchronize.properties'