Cucumber messages next upgrade ( io.cucumber) and Jackson
Is a minor upgrade of io.cucumber:messages 18.0.0 possible upgrading jackson-databind to a non-vulnerable version. Currently its leveraging 2.13.2 which is flagged as vulnerable CVE-2020-36518 causing io.cucumber:messages to be flagged as vulnerable.
Maven Repository: io.cucumber » messages » 18.0.0 (mvnrepository.com)
