From 23f56a2df4f47778056179f62ccbdb29b9066c41 Mon Sep 17 00:00:00 2001
From: Joon Lee <joon.lee2@nih.gov>
Date: Fri, 13 Mar 2026 14:35:30 +0000
Subject: [PATCH 1/2] Fixes jackson vulnerability by copying C3DC

---
 pom.xml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3f50c5c..3ecdff9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,6 +33,13 @@
 
     <dependencyManagement>
         <dependencies>
+            <dependency>
+                <groupId>com.fasterxml.jackson</groupId>
+                <artifactId>jackson-bom</artifactId>
+                <version>2.18.6</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
             <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-codec</artifactId>
@@ -220,7 +227,6 @@
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-yaml</artifactId>
-            <version>2.15.2</version>
         </dependency>
         <!-- Neo4j Graphql -->
         <dependency>

From dc5356c117d0a994352f0baefa35a8150a971c33 Mon Sep 17 00:00:00 2001
From: Joon Lee <joon.lee2@nih.gov>
Date: Fri, 13 Mar 2026 15:01:35 +0000
Subject: [PATCH 2/2] Removed unused dependency

---
 pom.xml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3ecdff9..9e68054 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,13 +33,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <dependency>
-                <groupId>com.fasterxml.jackson</groupId>
-                <artifactId>jackson-bom</artifactId>
-                <version>2.18.6</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
             <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-codec</artifactId>
@@ -224,10 +217,6 @@
             <version>1.5.1</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.dataformat</groupId>
-            <artifactId>jackson-dataformat-yaml</artifactId>
-        </dependency>
         <!-- Neo4j Graphql -->
         <dependency>
             <groupId>org.neo4j</groupId>
@@ -320,10 +309,6 @@
                     <groupId>joda-time</groupId>
                     <artifactId>joda-time</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>com.fasterxml.jackson.dataformat</groupId>
-                    <artifactId>jackson-dataformat-yaml</artifactId>
-                </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>log4j-api</artifactId>