jackson 2.9.8 -> 2.9.9

[sullis]

Description

Motivation and Context

Testing

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• I have read the CONTRIBUTING document
• Local run of mvn install succeeds
• My code follows the code style of this project
• My change requires a change to the Javadoc documentation
• I have updated the Javadoc documentation accordingly
• I have read the README document
• I have added tests to cover my changes
• All new and existing tests passed
• A short description of the change has been added to the CHANGELOG
• My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

• I confirm that this pull request can be released under the Apache 2 license

[codecov-io]

Codecov Report

Merging #1269 into master will increase coverage by 0.01%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #1269      +/-   ##
============================================
+ Coverage     70.12%   70.14%   +0.01%     
  Complexity      188      188              
============================================
  Files           776      776              
  Lines         24122    24122              
  Branches       1799     1799              
============================================
+ Hits          16916    16920       +4     
+ Misses         6422     6420       -2     
+ Partials        784      782       -2

Flag	Coverage Δ	Complexity Δ
#unittests	70.14% <ø> (+0.01%)	188 <ø> (ø)	⬇️

Impacted Files	Coverage Δ	Complexity Δ
...o/netty/internal/http2/HttpOrHttp2ChannelPool.java	79.56% <0%> (+1.07%)	0% <0%> (ø)	⬇️
...nio/netty/internal/OldConnectionReaperHandler.java	90.9% <0%> (+9.09%)	0% <0%> (ø)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b948ab9...fa4afaf. Read the comment docs.

[varunnvs92]

changes in Jackson 2.9.9 seems fine and don't have breaking changes. Approving the PR.
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9

[varunnvs92]

There was a report of v2.9.9 introducing incompatible combination of versions. This might affect customers who use those dependencies. Holding off merging for further investigation.

[candrews]

IMHO, this version bump should be prioritized as it addresses a security issue, CVE-2019-12086: FasterXML/jackson-databind#2326

[dagnir]

For core changes, please use 'AWS SDK for Java v2'

[Ristop]

Perhaps bump it to 2.9.9.1 to address https://nvd.nist.gov/vuln/detail/CVE-2019-12814

[sullis]

obsolete