Update Maven wrapper (#732)

Author: asomov

.gitattributes

@@ -1,3 +1,6 @@
 # Do not merge `pom.xml` from older version, as it will typically conflict
 
 pom.xml merge=ours
+.travis.yml merge=ours
+
+release/VERSION merge=ours

.github/workflows/main.yml

@@ -4,6 +4,7 @@ on:
     branches:
     - master
     - "3.0"
+    - "2.14"
     - "2.13"
     paths-ignore:
     - "README.md"
@@ -12,6 +13,7 @@ on:
     branches:
     - master
     - "3.0"
+    - "2.14"
     - "2.13"
     paths-ignore:
     - "README.md"
@@ -22,8 +24,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # Alas, as long as JDK6 is target, cannot run against 14+
-        java_version: ['8', '11']
+        java_version: ['8', '11', '14']
         os: ['ubuntu-20.04']
     env:
       JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1"

.gitignore

@@ -10,6 +10,7 @@ syntax: glob
 
 # building
 /target
+.mvn/wrapper/maven-wrapper.jar
 
 # Eclipse
 .classpath

.mvn/wrapper/maven-wrapper.jar

@@ -1,2 +1,18 @@
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/apache-maven-3.8.4-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar

.mvn/wrapper/maven-wrapper.properties

@@ -28,7 +28,7 @@ Project contains versions 2.0 and above: source code for earlier (1.x) versions
 | Artifact | [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.fasterxml.jackson.core/jackson-core/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.fasterxml.jackson.core/jackson-core) |
 | OSS Sponsorship | [![Tidelift](https://tidelift.com/badges/package/maven/com.fasterxml.jackson.core:jackson-core)](https://tidelift.com/subscription/pkg/maven-com-fasterxml-jackson-core-jackson-core?utm_source=maven-com-fasterxml-jackson-core-jackson-core&utm_medium=referral&utm_campaign=readme) |
 | Javadocs | [![Javadoc](https://javadoc.io/badge/com.fasterxml.jackson.core/jackson-core.svg)](https://javadoc.io/doc/com.fasterxml.jackson.core/jackson-core) |
-| Code coverage (2.13) | [![codecov.io](https://codecov.io/github/FasterXML/jackson-core/coverage.svg?branch=2.13)](https://codecov.io/github/FasterXML/jackson-core?branch=2.13) |
+| Code coverage (3.0) | [![codecov.io](https://codecov.io/github/FasterXML/jackson-core/coverage.svg?branch=master)](https://codecov.io/github/FasterXML/jackson-core?branch=master) |
 | CodeQ (LGTM.com) | [![LGTM alerts](https://img.shields.io/lgtm/alerts/g/FasterXML/jackson-core.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/FasterXML/jackson-core/alerts/) [![Language grade: Java](https://img.shields.io/lgtm/grade/java/g/FasterXML/jackson-core.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/FasterXML/jackson-core/context:java) |
 | CodeQ (ClusterFuzz) | [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/jackson-core.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:jackson-core) |
 

README.md

@@ -0,0 +1,22 @@
+# Security Policy
+
+Last Updated: 2019-11-26
+
+## Supported Versions
+
+Current status of open branches, with new releases, can be found from [Jackson Releases](https://github.com/FasterXML/jackson/wiki/Jackson-Releases)
+wiki page
+
+## Reporting a Vulnerability
+
+The recommended mechanism for reporting possible security vulnerabilities follows
+so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance)
+for general idea). The first step is to file a [Tidelift security contact](https://tidelift.com/security):
+Tidelift will route all reports via their system to maintainers of relevant package(s), and start the
+process that will evaluate concern and issue possible fixes, send update notices and so on.
+Note that you do not need to be a Tidelift subscriber to file a security contact.
+
+Alternatively you may also report possible vulnerabilities to `info` at fasterxml dot com
+mailing address. Note that filing an issue to go with report is fine, but if you do that please
+DO NOT include details of security problem in the issue but only in email contact.
+This is important to give us time to provide a patch, if necessary, for the problem.