Bump com.fasterxml.jackson.core:jackson-core from 2.13.5 to 2.15.0

[dependabot]

Bumps com.fasterxml.jackson.core:jackson-core from 2.13.5 to 2.15.0.

Changelog

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:[email protected]:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:[email protected]:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:[email protected]:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

Commits

• a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
• 180027a Prepare for 2.15.0 release
• 2b41925 ...
• 85340aa Merge branch '2.14' into 2.15
• ed846d9 ...
• 94ea208 Update release notes wrt #990
• a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
• 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
• 0ee3ad8 ...
• 163540e [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[absurdfarce]

Worth noting that we can't make this change on 3.x so long as we wish to maintain Java6 compat on that version. 2.13 already required Java8 for jackson-databind and Java6 for jackson-core (see here) while 2.15 follows 2.14 which made Java8 the baseline for jackson-core as well.

As of this writing 3.x is still using jackson-databind 2.7.x because that's the last version that still supports Java6.

[mkars10]

Worth noting that we can't make this change on 3.x so long as we wish to maintain Java6 compat on that version.

The newly published driver docs mentions that the minimum compatible version is Java8. Is it 6 or 8?

If still 6, it would be nice to bump to 8 so some of these dependencies can get updated.

[absurdfarce]

Hey @mkars10 , you're absolutely correct that the docs mention Java compat for 4.x is currently Java8. That info is correct. My comment above covered the earlier 3.x branch of the Java driver; that version still aims to support Java6 and forward (at least for now). We mention this different limitation for 3.x here.

Hopefully this clarifies things... if not let me know!

[lukasz-antoniak]

@absurdfarce, What do you think about upgrading to latest 2.20.1? There are some API changes within Jackson, but I do not find anything impacting driver directly. 2.15.0 has been released on Apr 23, 2023, whereas 2.20.1 on Oct 31, 2025. Latest Spring Boot seems to use 2.20.1 as well (here).

[absurdfarce]

It's an excellent point @lukasz-antoniak. I had it in my head that we had to continue using something in the range of 2.15.x because subsequent versions moved up to requiring Java11 but the docs pretty clearly indicate that isn't the case... it looks like even up through 2.20.x it's still Java8 (with a few exceptions for extensions that we aren't using).

I'm guessing I was thinking of the Java6 requirements for 3.x and somehow transplanted those on to 4.x... but clearly that's wrong. I'll try a new PR with 2.20.2 and see where that lands.

[absurdfarce]

Apologies, I noticed the page for 2.20.2 in the Jackson docs but missed that it hasn't been released yet. 2.20.1 it is!