Update Jackson to 2.20.1

[reta]

Description

Update Jackson to 2.20.1, also:

• introduced dedicated Jackson Annotations versioning
• moved off the deprecated APIs in preparation to [FEATURE] Support Jackson 3.x release line #19597

Related Issues

Part of #19597

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Summary by CodeRabbit

• Chores
  • Bumped Jackson versions to 2.20.x and added new checksum artifacts; removed legacy checksum entries.
• Refactor
  • Modernized internal factory construction to builder-based APIs.
  • Updated JSON/CBOR/Smile parsing and generator calls to align with newer Jackson APIs.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Jackson dependencies bumped from 2.18.x to 2.20.x across the repository: version metadata and Gradle references updated, many 2.18.* checksum files removed and corresponding 2.20.* checksum files added, and several Jackson-based Java classes updated to use builder APIs and newer parser/generator calls.

Changes

Cohort / File(s)	Summary
Versioning & Changelog CHANGELOG.md, gradle/libs.versions.toml	Add CHANGELOG entry and new version keys: jackson_annotations = "2.20", jackson = "2.20.1", jackson_databind = "2.20.1"; adjust library version.refs to use new keys.
Build files (jackson-annotations ref updates) libs/dissect/build.gradle, plugins/arrow-flight-rpc/build.gradle, plugins/crypto-kms/build.gradle, plugins/discovery-ec2/build.gradle, plugins/ingestion-kafka/build.gradle, plugins/ingestion-kinesis/build.gradle, plugins/repository-azure/build.gradle, plugins/repository-s3/build.gradle, qa/os/build.gradle, qa/wildfly/build.gradle, modules/... (various)	Replace usages of ${versions.jackson} for jackson-annotations with ${versions.jackson_annotations} and tidy related test dependency entries.
Checksum removals (2.18.x) **/licenses/jackson-*-2.18*.jar.sha1 e.g. client/sniffer/..., libs/core/..., libs/x-content/..., modules/..., plugins/..., server/...	Remove many legacy 2.18.* SHA-1 checksum files across modules and plugins.
Checksum additions (2.20.x) **/licenses/jackson-*-2.20*.jar.sha1 e.g. client/sniffer/..., libs/core/..., libs/x-content/..., modules/..., plugins/..., server/...	Add new SHA-1 checksum files for Jackson 2.20.x artifacts (core, databind, annotations, dataformats, datatype-jsr310, module-jaxb, etc.).
XContent factory builder updates libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java, .../json/JsonXContent.java, .../smile/SmileXContent.java	Replace direct Factory instantiation with FactoryBuilder usage and configure FAIL_ON_SYMBOL_HASH_OVERFLOW via the builder API.
Json generator & parser API updates libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java, libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java, server/src/test/java/.../FilterPathGeneratorFilteringTests.java	Switch boolean include/exclude flags to TokenFilter.Inclusion.INCLUDE_ALL_AND_PATH, update delegate accessor calls (delegate() vs getDelegate()), and replace deprecated parser calls with currentName() / currentTokenLocation() in parser. Test adjusted to use Inclusion enum.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• msfroh
• mch2
• andrross
• dbwiddis
• sachinpkale
• shwetathareja

Poem

🐇 I nibble through versions, hop and hum,

2.20 leaves glint where 2.18 came from.
Builders replace the old factory tree,
Checksums swapped — a tidy spring in me.
A joyful hop for code that's fresh and drum.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and directly describes the main change: updating Jackson dependency from 2.18.x to 2.20.1.
Description check	✅ Passed	The description includes all required sections with complete information: describes the Jackson update with additional context about API migrations and dedic ated versioning, links to related issue #19597, and confirms testing and DCO compliance.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f60ff2 and fec0d38.

📒 Files selected for processing (74)

• CHANGELOG.md
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.20.1.jar.sha1
• gradle/libs.versions.toml
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.20.1.jar.sha1
• libs/dissect/build.gradle
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/build.gradle
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/crypto-kms/build.gradle
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/discovery-ec2/build.gradle
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/ingestion-kafka/build.gradle
• plugins/ingestion-kinesis/build.gradle
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.20.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/build.gradle
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1
• plugins/repository-s3/build.gradle
• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1
• qa/os/build.gradle
• qa/wildfly/build.gradle
• server/licenses/jackson-core-2.18.2.jar.sha1
• server/licenses/jackson-core-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• server/src/test/java/org/opensearch/common/xcontent/support/filtering/FilterPathGeneratorFilteringTests.java

💤 Files with no reviewable changes (28)

• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• server/licenses/jackson-core-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1

✅ Files skipped from review due to trivial changes (5)

• plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• server/licenses/jackson-core-2.20.1.jar.sha1

🚧 Files skipped from review as they are similar to previous changes (27)

• plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• client/sniffer/licenses/jackson-core-2.20.1.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1
• libs/core/licenses/jackson-core-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-core-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java
• server/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-s3/build.gradle
• libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• plugins/repository-azure/build.gradle
• server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• CHANGELOG.md
• plugins/arrow-flight-rpc/build.gradle
• libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/build.gradle
• plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1
• libs/dissect/build.gradle

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: Analyze (java)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: detect-breaking-change
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: Mend Security Check

🔇 Additional comments (18)

server/src/test/java/org/opensearch/common/xcontent/support/filtering/FilterPathGeneratorFilteringTests.java (2)

38-38: LGTM: Import added for updated API.

The import for TokenFilter.Inclusion supports the migration from boolean-based constructor parameters to the enum-based API in Jackson 2.20.1.

---

325-326: Well done: Test now uses the same API as production code.

The test correctly uses Inclusion.INCLUDE_ALL_AND_PATH instead of the deprecated boolean parameters, aligning with the changes in JsonXContentGenerator.java. This ensures the test validates the actual production behavior.

libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java (1)

73-76: LGTM: Builder-based factory initialization.

The migration to SmileFactoryBuilder follows Jackson 2.20.1 best practices. Configuring FAIL_ON_SYMBOL_HASH_OVERFLOW via the builder before calling build() is the correct approach, and the subsequent factory configurations remain properly applied.

libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java (1)

73-76: LGTM: Consistent builder-based initialization.

The CBORFactoryBuilder approach mirrors the pattern used in SmileXContent.java, ensuring consistent factory initialization across all xcontent formats. The configuration sequence is correct.

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java (2)

105-121: LGTM: Correct migration to Inclusion enum.

The use of Inclusion.INCLUDE_ALL_AND_PATH for both excludes and includes filters is semantically correct and replaces the deprecated boolean-based constructor. This ensures proper path filtering behavior in Jackson 2.20.1.

---

158-161: LGTM: Updated delegate accessor method.

The change from getDelegate() to delegate() aligns with Jackson 2.20.1 API updates. The logic for resolving the low-level generator through nested delegates remains correct.

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java (2)

86-86: LGTM: Updated to non-deprecated API method.

The migration from getCurrentName() to currentName() aligns with Jackson 2.20.1 API updates. The wrapper method signature remains unchanged, maintaining backward compatibility.

---

209-209: LGTM: Updated to current API method.

The change from getTokenLocation() to currentTokenLocation() reflects Jackson 2.20.1 API evolution. The method correctly retrieves the current token's location for error reporting.

plugins/ingestion-kinesis/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: No action needed—filename and SHA-1 hash are correct.

The version 2.20 for jackson-annotations is the official release on Maven Central, and the SHA-1 hash 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c matches exactly. Jackson Annotations is published as version "2.20" (not "2.20.0" or "2.20.1"), per the project's versioning scheme. There is no 2.20.1 release for this artifact.

Likely an incorrect or invalid review comment.

plugins/ingestion-kafka/build.gradle (1)

39-39: LGTM! Compatibility verified.

The change correctly adopts the dedicated versions.jackson_annotations variable. Kafka 3.9.1 (built against Jackson 2.16.2) is compatible with Jackson 2.20.x since both are 2.x releases and maintain backward compatibility.

qa/os/build.gradle (1)

53-55: LGTM! Version references correctly updated.

The Jackson dependency version references are now properly aligned with the granular version keys defined in the version catalog (jackson_annotations, jackson, jackson_databind).

plugins/ingestion-kinesis/build.gradle (1)

66-69: LGTM! Version references correctly updated.

The Jackson dependencies now use the appropriate granular version keys: jackson_annotations for annotations, jackson for core, and jackson_databind for databind. This aligns with the updated version catalog structure.

plugins/crypto-kms/build.gradle (1)

61-62: LGTM! Version references correctly updated.

The Jackson dependencies now correctly reference the granular version keys from the version catalog.

gradle/libs.versions.toml (2)

119-121: LGTM! Library mappings correctly updated.

The jackson-annotation library now correctly references the jackson_annotations version key, maintaining consistency with the granular version structure.

---

11-13: LGTM! Granular Jackson version keys introduced.

The version catalog now defines separate version keys for Jackson components, enabling fine-grained version control. Jackson Annotations 2.20 is compatible with Jackson Core 2.20.1 and Jackson Databind 2.20.1 (jackson-databind 2.20.1 declares these exact versions as dependencies). This is a good practice for managing complex dependency graphs.

qa/wildfly/build.gradle (1)

57-58: LGTM! Version references correctly updated.

The Jackson dependency version references have been properly updated to use the granular version keys (jackson_annotations and jackson_databind), as noted in the addressed past review comment.

plugins/discovery-ec2/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: Verify the checksum for jackson-annotations-2.20.jar against Maven Central.

The SHA-1 checksum 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c should be validated against the official artifact. This can be verified by downloading the JAR from Maven Central or checking the .sha1 file provided alongside the artifact at https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.20/ to ensure the integrity and authenticity of the licensed dependency.

libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1 (1)

1-1: Unable to verify the checksum against Maven Central due to sandbox environment limitations.

The SHA-1 checksum file (d157a7f3ca917590aed2af7989b20fc23550c258) is properly formatted and consistent with other jackson library checksums in the repository. However, verification against Maven Central's official artifact cannot be completed in this environment due to network and SSL restrictions preventing access to Maven Central repositories.

This verification should be performed in an environment with unrestricted network access to Maven Central, or you can manually verify by downloading the JAR from https://repo1.maven.org/maven2/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.20.1/ and computing its SHA-1 hash.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1 (1)

1-1: Add a trailing newline to the checksum file.

The jackson-dataformat-xml 2.20.1 version is a real release, and the checksum format is valid. However, the file lacks a trailing newline, which is a standard Unix text-file convention. This should be added for consistency with repository standards and reproducible builds.

🔎 Proposed fix

-3a8e1f06f8bdfd9f2c29f1b2bdad970b02dff4c9
+3a8e1f06f8bdfd9f2c29f1b2bdad970b02dff4c9

(The fix adds a newline after the checksum digest.)

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 438a482 and 80bd904.

📒 Files selected for processing (73)

• CHANGELOG.md
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.20.1.jar.sha1
• gradle/libs.versions.toml
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.20.1.jar.sha1
• libs/dissect/build.gradle
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/build.gradle
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/crypto-kms/build.gradle
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/discovery-ec2/build.gradle
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/ingestion-kafka/build.gradle
• plugins/ingestion-kinesis/build.gradle
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.20.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/build.gradle
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1
• plugins/repository-s3/build.gradle
• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1
• qa/os/build.gradle
• qa/wildfly/build.gradle
• server/licenses/jackson-core-2.18.2.jar.sha1
• server/licenses/jackson-core-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1

💤 Files with no reviewable changes (28)

• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-core-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: detect-breaking-change
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: Analyze (java)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: Mend Security Check

🔇 Additional comments (40)

libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1 (1)

1-1: No action required — SHA-1 hash is correct.

The hash in this checksum file matches the official Maven Central checksum for jackson-dataformat-cbor-2.20.1.jar.

plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Checksum format is correct and consistent across modules.

The SHA-1 digest is structurally valid. Consistent checksums across repositories (s3, azure, arrow-flight-rpc, ingestion-kinesis) for identical artifacts is a good indicator of integrity, though the actual checksums should be verified against official Jackson 2.20.1 releases.

plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Duplicate checksum verified for consistency.

Checksum matches repository-s3 and other modules, confirming consistency across the Jackson 2.20.1 upgrade.

server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1 (1)

1-1: Checksum format is correct.

plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Checksum format is correct and consistent.

plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1 (1)

1-1: Checksum format is correct.

CHANGELOG.md (1)

47-47: Verify PR number in CHANGELOG entry.

The CHANGELOG entry references PR #20342, but the PR objectives indicate this PR is #20343. Confirm that the referenced PR number is correct or update the entry.

plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1 (1)

1-1: Checksum format is correct.

plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Jackson-databind 2.20.1 checksum verified as legitimate.

The SHA-1 checksum 9586a7fe0e1775de0e54237fa6a2c8455c93ac06 matches the official Maven Central release for jackson-databind-2.20.1.jar. The artifact is from the legitimate Jackson 2.20.1 release.

plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Checksum matches other jackson-databind 2.20.1 references.

This checksum is identical to the one in plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1, which is expected for the same artifact.

libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java (2)

73-76: Migration to builder pattern looks correct.

The migration from direct CBORFactory construction to CBORFactoryBuilder follows the standard pattern for newer Jackson versions. The FAIL_ON_SYMBOL_HASH_OVERFLOW configuration is now applied to the builder before calling build(), which is the correct approach.

---

42-42: Verify CBORFactoryBuilder API compatibility with Jackson 2.20.1.

Ensure that the CBORFactoryBuilder constructor and configuration methods are available and correctly used in Jackson 2.20.1.

Jackson 2.20.1 CBORFactoryBuilder API documentation and constructor signature

libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java (1)

73-76: Migration to builder pattern is consistent and correct.

The migration follows the same builder pattern as CborXContent.java, ensuring consistency across the codebase. The FAIL_ON_SYMBOL_HASH_OVERFLOW configuration is properly applied to the builder before build().

client/sniffer/licenses/jackson-core-2.20.1.jar.sha1 (1)

1-1: SHA-1 checksum verified against Maven Central.

The checksum 5734323adfece72111769b0ae38a6cf803e3d178 matches the official Jackson Core 2.20.1 artifact from Maven Central.

plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: Verify the SHA-1 checksum against Maven Central.

The checksum 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c for jackson-annotations 2.20 should be validated against the official Maven Central Repository entry. Note that jackson-annotations uses version 2.20 (not 2.20.1), which is expected as annotations often have independent versioning.

libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1 (1)

1-1: The SHA-1 checksum is verified and correct. The checksum 27f38fea493532f59236f70bc379cd1758280615 matches the official Maven Central record for jackson-dataformat-smile-2.20.1.jar.

libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1 (1)

1-1: SHA-1 checksum verified against Maven Central. The stored checksum matches the official Maven Central repository.

plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: SHA-1 checksum is valid.

The checksum 9586a7fe0e1775de0e54237fa6a2c8455c93ac06 matches the official Jackson databind 2.20.1 artifact on Maven Central.

plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: Checksum verification covered in previous review.

This checksum is identical to the one in plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1 and will be verified in that review comment.

qa/os/build.gradle (1)

53-53: LGTM - Consistent with other module updates.

The change to use versions.jackson_annotations is consistent with the broader Jackson upgrade. Verification of the version catalog definition is covered in the plugins/ingestion-kafka/build.gradle review.

plugins/repository-s3/build.gradle (1)

91-91: LGTM - Consistent with other module updates.

The change to use versions.jackson_annotations for the API dependency is consistent with the broader Jackson upgrade pattern.

modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: Checksum verification covered in previous review.

This checksum is identical to the one in plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1 and will be verified in that review comment.

plugins/ingestion-kafka/build.gradle (1)

39-39: Verify versions.jackson_annotations is defined in the Gradle version catalog.

The change to use a dedicated version variable for jackson-annotations is appropriate, but ensure versions.jackson_annotations is properly defined in your Gradle version catalog (likely in gradle/libs.versions.toml or buildSrc configuration).

server/licenses/jackson-core-2.20.1.jar.sha1 (1)

1-1: Checksum verified against Maven Central.

The SHA1 checksum 5734323adfece72111769b0ae38a6cf803e3d178 matches the official Jackson Core 2.20.1 artifact.

plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: SHA1 checksum verified against Maven Central.

The checksum matches the official Jackson Annotations 2.20 artifact.

plugins/discovery-ec2/build.gradle (1)

76-76: LGTM - No breaking changes in Jackson 2.20.1.

The Jackson 2.20.1 release is a patch release with no documented breaking changes. The jackson-annotations dependency is safe to use with this version.

libs/dissect/build.gradle (1)

36-36: LGTM! Version variable updated for Jackson annotations.

The dependency now uses the dedicated versions.jackson_annotations variable, aligning with the PR's objective to introduce separate Jackson annotations versioning.

plugins/crypto-kms/build.gradle (1)

62-62: LGTM! Consistent version variable update.

The change aligns with the repository-wide migration to use versions.jackson_annotations for Jackson annotations dependencies.

plugins/arrow-flight-rpc/build.gradle (1)

38-38: LGTM! Version variable migration applied.

Correctly updated to use the dedicated versions.jackson_annotations variable.

plugins/ingestion-kinesis/build.gradle (1)

68-68: LGTM! Version variable updated consistently.

The dependency now references versions.jackson_annotations, consistent with the repository-wide Jackson version reorganization.

plugins/repository-azure/build.gradle (1)

79-79: LGTM! Jackson annotations version variable updated.

The change is consistent with the repository-wide pattern of using versions.jackson_annotations for Jackson annotations dependencies.

qa/wildfly/build.gradle (1)

57-57: LGTM! Jackson annotations version updated.

Correctly migrated to use versions.jackson_annotations while other Jackson components use their respective version variables.

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java (2)

39-39: Import added for Jackson's Inclusion enum.

This import is required for the updated FilteringGeneratorDelegate API that now uses Inclusion.INCLUDE_ALL_AND_PATH instead of boolean parameters.

---

158-164: The delegate() method is the correct replacement for getDelegate() in Jackson 2.20.1.

The API change is correct. getDelegate() is deprecated in Jackson 2.20.x and marked for removal in Jackson 3.0, with delegate() as the recommended replacement. Both methods provide equivalent functionality.

plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1 (1)

1-1: Checksum is correct and matches the official Jackson annotations 2.20 artifact.

The SHA-1 checksum 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c corresponds to the official Jackson annotations 2.20 from Maven Central.

gradle/libs.versions.toml (2)

119-119: LGTM on versionRef update.

The update to use jackson_annotations versionRef correctly implements the dedicated versioning strategy for Jackson Annotations introduced in this PR.

---

11-13: No action needed — versions are compatible as intended.

Jackson intentionally publishes jackson-annotations with "major.minor" versioning (2.20 without patch) and designs it to be compatible with 2.20.x releases of core and databind. Patch releases like 2.20.1 are fully backward-compatible by Jackson's semantic versioning policy, so this version combination is supported and requires no changes.

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java (2)

85-87: Method exists and behavior is equivalent.

Jackson 2.20.1 supports currentName() with the signature public String currentName() throws java.io.IOException. The method returns the name associated with the current token (field name for FIELD_NAME tokens, preceding field name for field values, null for array/root values). The migration from getCurrentName() to currentName() is valid and reflects Jackson's API evolution toward non-getter-style methods.

---

208-214: The migration to currentTokenLocation() is correct for Jackson 2.20.1.

Verified that JsonParser.currentTokenLocation() exists in Jackson 2.20.1 and returns JsonLocation as expected. OpenSearch's dependency configuration confirms Jackson 2.20.1 is in use.

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java (1)

74-92: Implementation is correct — no changes needed.

All three concerns have been verified against Jackson 2.20.1 documentation:

1. JsonFactoryBuilder(new JsonFactory()) is a documented and supported constructor pattern (creating a builder from an existing factory instance). This is not unusual.
2. The split configuration approach (applying some settings via the builder and others to the factory instance) is valid. Jackson's API supports both patterns.
3. JsonWriteFeature.QUOTE_FIELD_NAMES is the correct replacement for the deprecated JsonGenerator.Feature.QUOTE_FIELD_NAMES.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java (1)

208-214: Update getCurrentToken() to currentToken() on lines 76, 109, 127, and 195.

While line 209's migration from getTokenLocation() to currentTokenLocation() is correct, this file still contains four instances of the deprecated getCurrentToken() API that should be updated to currentToken() according to Jackson 2.20.1 migration guidance:

• Line 76: parser.getCurrentToken()
• Line 109: parser.getCurrentToken()
• Line 127: parser.getCurrentToken()
• Line 195: parser.getCurrentToken()

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80bd904 and 8f60ff2.

📒 Files selected for processing (73)

• CHANGELOG.md
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.20.1.jar.sha1
• gradle/libs.versions.toml
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.20.1.jar.sha1
• libs/dissect/build.gradle
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java
• libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/build.gradle
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/crypto-kms/build.gradle
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/discovery-ec2/build.gradle
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/ingestion-kafka/build.gradle
• plugins/ingestion-kinesis/build.gradle
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.20.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/build.gradle
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1
• plugins/repository-s3/build.gradle
• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1
• qa/os/build.gradle
• qa/wildfly/build.gradle
• server/licenses/jackson-core-2.18.2.jar.sha1
• server/licenses/jackson-core-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1

💤 Files with no reviewable changes (28)

• plugins/repository-s3/licenses/jackson-annotations-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.18.2.jar.sha1
• server/licenses/jackson-core-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-annotations-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-smile-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-databind-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.18.2.jar.sha1
• plugins/crypto-kms/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-core-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-cbor-2.18.2.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.18.2.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.18.2.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.18.2.jar.sha1
• libs/core/licenses/jackson-core-2.18.2.jar.sha1
• plugins/repository-s3/licenses/jackson-databind-2.18.2.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.18.2.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.18.2.jar.sha1
• client/sniffer/licenses/jackson-core-2.18.2.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.18.2.jar.sha1

✅ Files skipped from review due to trivial changes (5)

• plugins/repository-azure/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-s3/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-azure/licenses/jackson-annotations-2.20.jar.sha1
• server/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-annotations-2.20.jar.sha1

🚧 Files skipped from review as they are similar to previous changes (32)

• plugins/crypto-kms/licenses/jackson-annotations-2.20.jar.sha1
• plugins/discovery-ec2/licenses/jackson-annotations-2.20.jar.sha1
• libs/x-content/licenses/jackson-core-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-databind-2.20.1.jar.sha1
• server/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/smile/SmileXContent.java
• plugins/discovery-ec2/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/repository-azure/build.gradle
• server/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• plugins/ingestion-kinesis/build.gradle
• plugins/crypto-kms/licenses/jackson-databind-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContent.java
• libs/dissect/build.gradle
• libs/x-content/licenses/jackson-dataformat-smile-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/licenses/jackson-annotations-2.20.jar.sha1
• plugins/repository-azure/licenses/jackson-dataformat-xml-2.20.1.jar.sha1
• libs/x-content/licenses/jackson-dataformat-yaml-2.20.1.jar.sha1
• modules/ingest-geoip/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-annotations-2.20.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentGenerator.java
• client/sniffer/licenses/jackson-core-2.20.1.jar.sha1
• plugins/repository-s3/build.gradle
• plugins/arrow-flight-rpc/licenses/jackson-databind-2.20.1.jar.sha1
• plugins/ingestion-kinesis/licenses/jackson-databind-2.20.1.jar.sha1
• libs/x-content/src/main/java/org/opensearch/common/xcontent/cbor/CborXContent.java
• plugins/ingestion-kafka/build.gradle
• plugins/repository-azure/licenses/jackson-datatype-jsr310-2.20.1.jar.sha1
• plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.20.1.jar.sha1
• plugins/crypto-kms/build.gradle
• libs/core/licenses/jackson-core-2.20.1.jar.sha1
• plugins/arrow-flight-rpc/build.gradle
• qa/os/build.gradle

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: Analyze (java)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: detect-breaking-change
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: Mend Security Check

🔇 Additional comments (9)

libs/x-content/src/main/java/org/opensearch/common/xcontent/json/JsonXContentParser.java (1)

85-87: Approve: currentName() migration is correct for Jackson 2.20.1.

The change from getCurrentName() to currentName() is the correct migration path. Jackson 2.20.1 marks getCurrentName() as deprecated and currentName() is the preferred non-deprecated method.

CHANGELOG.md (1)

47-47: LGTM! Changelog entry is properly formatted.

The dependency bump entry follows the established format and correctly documents the Jackson version update from 2.18.1 to 2.20.1 with the proper PR reference.

libs/x-content/licenses/jackson-dataformat-cbor-2.20.1.jar.sha1 (1)

1-1: Checksum is valid.

The SHA1 checksum for jackson-dataformat-cbor-2.20.1.jar matches the official Maven Central artifact.

server/licenses/jackson-core-2.20.1.jar.sha1 (1)

1-1: The SHA1 checksum for jackson-core-2.20.1.jar is correct and matches the official Maven Central artifact.

Jackson 2.20.1 is a legitimate patch release (October 30, 2025) with no reported security advisories or CVEs specific to this version.

gradle/libs.versions.toml (2)

119-119: LGTM! Library mapping correctly updated.

The jackson-annotation library now correctly references the new jackson_annotations version key, enabling independent versioning from other Jackson modules.

---

11-13: Version pinning for Jackson components is correct and secure.

All specified versions exist on Maven Central: jackson-annotations 2.20, jackson-core 2.20.1, and jackson-databind 2.20.1. Note that jackson-annotations only reaches 2.20 in this release line (2.20.1 was not published), making the current pinning the intended approach. No security vulnerabilities exist in any of these versions; CVE-2025-52999 only affects jackson-core < 2.15.0, and older jackson-databind CVEs target much earlier releases.

plugins/discovery-ec2/build.gradle (1)

76-76: LGTM! Dependency version correctly updated.

The jackson-annotations dependency now correctly references versions.jackson_annotations, aligning with the new version catalog structure introduced in this PR.

qa/wildfly/build.gradle (1)

57-57: LGTM! Dependency version correctly updated.

The jackson-annotations dependency now correctly references versions.jackson_annotations, aligning with the new version catalog structure.

plugins/repository-s3/licenses/jackson-databind-2.20.1.jar.sha1 (1)

1-1: Jackson 2.20.1 has no known security vulnerabilities and is the latest secure release.

The checksum file format is correct. While the exact SHA-1 hash could not be fully verified due to technical constraints, the JAR file downloads successfully from Maven Central, confirming the version and repository reference are valid. No security advisories apply to Jackson 2.20.1.

[github-actions]

❌ Gradle check result for 8f60ff2: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for fec0d38: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for fec0d38: SUCCESS

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.21%. Comparing base (438a482) to head (fec0d38).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #20343   +/-   ##
=========================================
  Coverage     73.20%   73.21%           
+ Complexity    71706    71691   -15     
=========================================
  Files          5785     5785           
  Lines        328140   328143    +3     
  Branches      47270    47270           
=========================================
+ Hits         240228   240235    +7     
+ Misses        68676    68629   -47     
- Partials      19236    19279   +43     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.