Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bumps json path to 2.7.0 #2881

Merged
merged 1 commit into from
May 13, 2022
Merged

Bumps json path to 2.7.0 #2881

merged 1 commit into from
May 13, 2022

Conversation

ncordon
Copy link
Contributor

@ncordon ncordon commented May 12, 2022

Why

To avoid confusions that json-path 2.4 could be importing json-smart 2.3, that included this security vulnerability and that's why we overrode json-smart to 2.4.2 more than one year ago: #1860

The dependency tree shows 2.3 is evicted by 2.4.8:

./gradlew -q full:dependencies // or ./gradlew -q core:dependencies

+--- com.jayway.jsonpath:json-path:2.4.0
|    +--- net.minidev:json-smart:2.3 -> 2.4.8
|    |    \--- net.minidev:accessors-smart:2.4.8
|    |         \--- org.ow2.asm:asm:9.1 -> 9.2
|    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.30

@ncordon ncordon added 4.4 team-cypher-surface Cypher Surface team should review the PR labels May 12, 2022
@Lojjs Lojjs self-assigned this May 13, 2022
@ncordon ncordon merged commit 3e98f15 into 4.4 May 13, 2022
@ncordon ncordon deleted the 4.4-bumps-json-path branch May 13, 2022 18:05
neo4j-oss-build pushed a commit that referenced this pull request May 13, 2022
@ncordon
Bumps json path to 2.7.0 (#2881)
1f227fb
ncordon added a commit that referenced this pull request May 16, 2022
@neo4j-oss-build @ncordon
Bumps json path to 2.7.0 (#2881) (#2888)
75a7311 
Co-authored-by: Nacho Cordón <[email protected]>
ncordon added a commit that referenced this pull request Jun 13, 2022
@ncordon
Bumps json path to 2.7.0 (#2881)
0398710
@ncordon ncordon mentioned this pull request Jun 13, 2022
Merged
ncordon added a commit that referenced this pull request Jun 13, 2022
@ncordon
Bumps json path to 2.7.0 (#2881) (#2982)
1795c4d
gem-neo4j pushed a commit to gem-neo4j/neo4j-apoc-procedures that referenced this pull request Jul 12, 2022
@ncordon @gem-neo4j
Bumps json path to 2.7.0 (neo4j-contrib#2881) (neo4j-contrib#2982)
ecd7a1a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lojjs Lojjs Lojjs approved these changes

Assignees

@Lojjs Lojjs

Labels
4.4 team-cypher-surface Cypher Surface team should review the PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ncordon @Lojjs