Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0

[dependabot]

Bumps com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0.

Commits

• 901b398 [maven-release-plugin] prepare release jackson-bom-2.21.0
• 86a4b9f ...
• 6b5de3a Prep for 2.21 release
• 3001d78 Merge pull request #116 from FasterXML/tatu/2.21/115-fix-cyclonedx-backport-i...
• 9370292 makeAggregateBom -> makeBom
• 3e4db58 Backport #115 in 2.x for 2.21
• 0ce4467 Merge branch '2.20' into 2.x
• 0dc79f5 ...
• 6a3d76b Merge branch '2.20' into 2.x
• 1d52817 Post-release dep version bump
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #116
Resolves #115

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Review Summary

This is a dependency version bump for Jackson library. Analyzing against the checklist:

Code Quality ✅

• Code follows style guide: N/A - This is a dependency version update, no code changes
• No commented-out code: ✅ None present
• Meaningful variable names: ✅ N/A for dependency updates
• DRY principle followed: ✅ N/A for dependency updates
• Identify Defects: ✅ No defects identified. This is a minor version bump (2.20.1 → 2.21.0) in the Jackson BOM dependency

Testing ⚠️

• Unit tests for new functions: ⚠️ N/A - No new functions added
• Integration tests for new endpoints: ⚠️ N/A - No new endpoints
• Edge cases covered: ⚠️ N/A - However, existing tests should verify compatibility
• Test coverage > 80%: ⚠️ Cannot verify from diff - Recommend running full test suite to ensure Jackson 2.21.0 compatibility

Recommendation: Run mvn clean test to verify all existing tests pass with the updated Jackson version.

Documentation ✅

• Readme updated if needed: ✅ Not required for dependency updates
• API docs updated: ✅ Not required - no API changes
• Inline comments for complex logic: ✅ N/A
• CHANGELOG.md updated: ❌ Missing - Dependency updates should be documented in CHANGELOG.md
• Markdown formatting: ✅ N/A - no markdown changes

Issue: pom.xml:76 - CHANGELOG.md should document this Jackson BOM version bump from 2.20.1 to 2.21.0

Security ✅

• No hardcoded credentials: ✅ None present
• Input validation implemented: ✅ N/A
• Proper error handling: ✅ N/A
• No sensitive data in logs: ✅ None detected
• No license files (.lic) or AQAAAD strings: ✅ None present

---

Final Recommendations

1. Action Required: Update CHANGELOG.md to document the Jackson BOM version bump
2. Verification Required: Ensure full test suite passes (mvn clean test) with Jackson 2.21.0
3. Optional: Consider running code quality profiles to verify compatibility:

   mvn clean install -Pcheckstyle,spotbugs,jacoco

The change itself is straightforward and follows standard dependency management practices. The Jackson library is widely used and this minor version update should be safe, but testing verification is recommended.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide - This is a straightforward dependency version bump in a Maven POM file. No style concerns.

✅ No commented-out code - Clean change with no commented code.

✅ Meaningful variable names - N/A for dependency declarations.

✅ DRY principle followed - N/A for this change.

✅ Identify Defects - No defects identified. This is a minor version bump of the Jackson BOM from 2.20.1 to 2.21.0. Jackson 2.21.0 was released in January 2025 and includes bug fixes and improvements. The change appears safe as it's a minor version upgrade following semantic versioning.

✅ Project memory consideration - The .claude/CLAUDE.md contains project-specific build and architecture guidance. This dependency update aligns with standard maintenance practices and doesn't conflict with any documented patterns.

Testing

⚠️ Unit tests for new functions - N/A for dependency update, but recommendation: Ensure existing test suite passes with the new Jackson version. The PR should verify that:

• All existing tests pass with Jackson 2.21.0
• No serialization/deserialization behavior changes affect the gRPC message handling
• JSON exception mapping in SzGrpcEnvironment.createSzException() still works correctly (pom.xml:73)

⚠️ Test coverage - Cannot verify from diff alone. The existing test suite should provide coverage validation after the dependency update.

Documentation

✅ Readme updated if needed - Not required for a dependency version bump.

✅ API docs updated - Not required; this is an internal dependency change.

✅ Inline comments - N/A for POM changes.

⚠️ CHANGELOG.md updated - Not visible in this diff. Recommendation: CHANGELOG should document this dependency update as:

### Changed
- Bumped com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0

✅ Markdown formatting - N/A for this change.

Security

✅ No hardcoded credentials - None present.

✅ Input validation - N/A for dependency update.

✅ Proper error handling - Existing error handling should be unaffected.

✅ No sensitive data in logs - N/A for this change.

✅ No license files flagged - No .lic files or AQAAAD strings in this diff.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This is a clean dependency update from Jackson 2.20.1 to 2.21.0. The change is low-risk as it's a minor version bump following semantic versioning.

Recommendations:

1. Verify test suite passes - Run mvn clean install with all quality profiles to ensure compatibility:

   mvn clean install -Pcheckstyle,spotbugs,jacoco

2. Update CHANGELOG.md - Document this dependency change in the changelog if not already done.

3. No action needed for documentation, security, or code style - this change is appropriately scoped.

The dependency update appears to be automated (likely from Renovate/Dependabot based on the commit pattern), which is good practice for keeping dependencies current.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

---

Code Review: jackson-bom Version Bump (2.20.1 → 2.21.0)

This is a single-line dependency version bump in pom.xml.

---

Code Quality

• ✅ Style guide — Not applicable to a dependency version bump in a POM file.
• ✅ No commented-out code — None present.
• ✅ Meaningful variable names — Not applicable.
• ✅ DRY principle — Not applicable.
• ✅ Defects / logic errors — No logic changes. The version bump from 2.20.1 to 2.21.0 is a minor version increment within the Jackson BOM, which manages consistent versions across all Jackson modules. No compatibility concerns expected for a minor release.

---

Testing

• ✅ Unit/integration tests — No new code introduced; existing tests cover behavior.
• ⚠️ Test coverage — Cannot be verified from the diff alone, but no new logic warrants additional tests.

---

Documentation

• ❌ CHANGELOG.md not updated — The CHANGELOG.md does not reflect this dependency update. Dependency bumps are typically noted under an upcoming release entry. Additionally, CHANGELOG.md line 8 appears to have a duplicate [0.4.0] heading (lines 8 and 14) — the first entry appears to be 0.4.1 content under a [0.4.0] tag, which is a pre-existing issue but worth flagging.
• ✅ No API or README changes needed — This is an internal dependency upgrade with no public API impact.

---

Security

• ✅ No hardcoded credentials — None.
• ✅ No license files checked in — None detected.
• ✅ No sensitive data — None.
• ✅ Dependency legitimacy — com.fasterxml.jackson:jackson-bom:2.21.0 is a legitimate published release from the Jackson project.

---

Summary

Area	Status
Code quality	✅
Testing	✅
CHANGELOG updated	❌
Security	✅

One actionable issue: CHANGELOG.md should be updated to document this dependency bump under the relevant upcoming release entry. The pre-existing duplicate [0.4.0] heading (where one should read [0.4.1]) in CHANGELOG.md at lines 8–13 is also worth correcting in a follow-up.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Diff Summary: Single change — com.fasterxml.jackson:jackson-bom version bump from 2.20.1 → 2.21.0 in pom.xml:76.

---

Code Quality

• ✅ Style guide: Version bump in pom.xml follows existing formatting conventions.
• ✅ No commented-out code: Not applicable to this change.
• ✅ Meaningful variable names: Not applicable.
• ✅ DRY principle: Not applicable.
• ✅ Defects: Jackson 2.21.0 is a minor version increment within the 2.x series and is backward compatible. No logic changes introduced.
• ✅ CLAUDE.md: No concerns with project configuration.

Testing

• ✅ Unit/integration tests: No new tests needed for a dependency version bump.
• ✅ Edge cases / coverage: Not applicable.

Documentation

• ❌ CHANGELOG.md not updated: The CHANGELOG.md has no entry for this dependency update. Dependency bumps should be noted, especially for library consumers who may be affected by transitive changes.

  Additionally, the existing CHANGELOG.md has a pre-existing formatting error at lines 8–11: the ## [0.4.0] - 2026-01-07 header contains a ### Changes/Additions/Fixes in version 0.4.1 sub-section. The 0.4.1 changes should be under their own ## [0.4.1] heading.

• ✅ README / API docs / inline comments: No updates needed for this change.

• ✅ Markdown formatting: Not changed in this PR.

Security

• ✅ No hardcoded credentials.
• ✅ No sensitive data.
• ✅ No license files (.lic) checked in.
• ✅ Jackson 2.21.0 has no known CVEs and is a maintenance/feature release.

---

Summary

The change is straightforward and low-risk. The one actionable item for this PR:

1. Update CHANGELOG.md to document the Jackson BOM upgrade under the appropriate version entry.

The pre-existing CHANGELOG.md formatting issue (0.4.1 nested under the 0.4.0 header) is outside the scope of this PR but should be addressed separately.

Automated code review analyzing defects and coding standards