Checkmarx found a library which we don't have in our Android project


Checkmarx OSA found: `com.fasterxml.jackson.core:jackson-databind`, "Your version is outdated". However, when I scan the dependencies I can't find that we have any Jackson libraries in the project. Do you know what the problem could be?

1

There are 1 answers

1
Jake Lee On

This is likely due to a library including this outdated version. To see a full list of dependencies, run `./gradlew app:dependencies`, which will return something similar to:

```
|    +--- androidx.preference:preference:1.1.0
|    |    +--- androidx.appcompat:appcompat:1.1.0 (*)
|    |    +--- androidx.core:core:1.1.0 (*)
|    |    +--- androidx.fragment:fragment:1.1.0 (*)
|    |    +--- androidx.recyclerview:recyclerview:1.0.0 (*)
|    |    +--- androidx.annotation:annotation:1.1.0
|    |    \--- androidx.collection:collection:1.0.0 -> 1.1.0 (*)
|    +--- androidx.lifecycle:lifecycle-extensions:2.1.0
|    |    +--- androidx.lifecycle:lifecycle-runtime:2.1.0 (*)
|    |    +--- androidx.arch.core:core-common:2.1.0 (*)
|    |    +--- androidx.arch.core:core-runtime:2.1.0 (*)
|    |    +--- androidx.fragment:fragment:1.0.0 -> 1.1.0 (*)
```

You can then see which library is using an outdated version of jackson-databind.
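On a real app the tree runs to thousands of lines, so the following added example (not part of the original answer) parses `./gradlew app:dependencies` output and reports the chain of libraries that pulls in a flagged artifact. The sample tree is constructed, and the `com.example.sdk` coordinates and all version numbers in it are hypothetical.

```python
import re

# Constructed sample of `./gradlew app:dependencies` output.
# The com.example.sdk coordinates and all versions are hypothetical.
SAMPLE = r"""
releaseRuntimeClasspath - Runtime classpath of compilation 'release'.
+--- androidx.preference:preference:1.1.0
|    +--- androidx.appcompat:appcompat:1.1.0 (*)
|    \--- androidx.collection:collection:1.0.0 -> 1.1.0 (*)
+--- com.example.sdk:analytics:3.2.0
|    \--- com.example.sdk:transport:3.2.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.9.8
|         |    +--- com.fasterxml.jackson.core:jackson-annotations:2.9.0
|         |    \--- com.fasterxml.jackson.core:jackson-core:2.9.8
|         \--- com.squareup.okhttp3:okhttp:3.12.0
\--- androidx.lifecycle:lifecycle-extensions:2.1.0
"""

# Each nesting level is a 5-character prefix: "|" or " " followed by 4 spaces.
NODE = re.compile(r"^((?:[| ] {4})*)[+\\]--- (\S+)(?: -> (\S+))?")


def find_paths(tree_text, needle):
    """Return every dependency chain (top-level first) ending at `needle`."""
    stack, paths = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            stack = []  # blank line or configuration header: new tree
            continue
        depth = len(m.group(1)) // 5
        coord = m.group(2)
        if m.group(3):  # version replaced by conflict resolution
            coord += " -> " + m.group(3)
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(coord)
        if needle in m.group(2):
            paths.append(list(stack))
    return paths


if __name__ == "__main__":
    for path in find_paths(SAMPLE, "jackson-databind"):
        print("\n  brought in by: ".join(reversed(path)))
```

Gradle can also answer this directly with its built-in `dependencyInsight` task, for example `./gradlew app:dependencyInsight --dependency jackson-databind --configuration releaseRuntimeClasspath` (the configuration name depends on your build variant).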