Bump com.fasterxml.jackson.core:jackson-core from 2.15.2 to 2.16.1

[dependabot]

Bumps com.fasterxml.jackson.core:jackson-core from 2.15.2 to 2.16.1.

Commits

• 249716c [maven-release-plugin] prepare release jackson-core-2.16.1
• 125f5b2 Prepare for 2.16.1 release
• 1928b07 Minor test improvements
• aa5c887 Minor tweaking post-merge wrt #1175
• 9fb3f21 Add failing tests for #1173: parse error location (#1175)
• 4eb4539 Backport #1168 in 2.16(.1)
• 571d4ae Merge branch '2.15' into 2.16
• 8f37646 Update release notes wrt #1161 backport
• 8f2f04e fastdoubleparser 1.0.0 (#1163) (#1166)
• 7f1c619 Update release notes wrt #1161
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[jamesward]

@mkurz I'm wondering if there is a way we could better organize things to avoid incompat with Play's Jackson version. We could try to move https://github.com/webjars/webjars-locator-core/blob/main/src/main/java/org/webjars/WebJarExtractor.java to https://github.com/webjars/webjars-play
My hunch is that only sbt-web / Play are the only real consumers of that API anyway. WDYT?

[dependabot]

Superseded by #145.

[mkurz]

@mkurz I'm wondering if there is a way we could better organize things to avoid incompat with Play's Jackson version. We could try to move https://github.com/webjars/webjars-locator-core/blob/main/src/main/java/org/webjars/WebJarExtractor.java to https://github.com/webjars/webjars-play My hunch is that only sbt-web / Play are the only real consumers of that API anyway. WDYT?

@jamesward That does not really work, because Play by default uses webjars-locator-core, but not webjars-play:
https://github.com/playframework/playframework/blob/3.0.2/project/plugins.sbt#L39

The webjars-play project is a nice helper project but not included into Play core.

@jamesward Actually, I just checked once more and we are OK to merge the latest jackson releases into webjars-locator-core because Play uses it it for sbt plugins (in the "meta build" in the project folder), so it does not interfere with the jackson version we pull in in the project's librarydependencies itself.