Open denodo-research-labs opened 4 days ago
Why/where do we use json-smart? It looks unmaintained and risky. Can we just remove/replace it?
Looks like we should be able to remove this dependency completely. Fewer dependencies --> fewer security bugs.
Why/where do we use json-smart? It looks unmaintained and risky. Can we just remove/replace it?
Code changes are needed, because without explicitly setting the mapping provider the default JsonSmartMappingProvider is used.
Testing should be done with other available mapping providers such as JacksonMappingProvider, GsonMappingProvider, or JakartaJsonProvider.
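One way to make the provider choice explicit, as an added example that is not code from this thread or from the project: it installs Jackson-backed defaults for json-path and fails fast if a json-smart provider is still active. The class name, sample JSON and path are constructed for illustration, and it assumes jackson-databind is on the classpath.

```java
import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;
import com.jayway.jsonpath.TypeRef;
import com.jayway.jsonpath.spi.json.JacksonJsonProvider;
import com.jayway.jsonpath.spi.json.JsonProvider;
import com.jayway.jsonpath.spi.mapper.JacksonMappingProvider;
import com.jayway.jsonpath.spi.mapper.MappingProvider;

import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Hypothetical class name; not part of the project discussed above.
public class JsonPathWithoutJsonSmart {

    // Replace json-path's built-in defaults. Both the JSON provider and the
    // mapping provider default to json-smart, so both are set here.
    static void installJacksonDefaults() {
        Configuration.setDefaults(new Configuration.Defaults() {
            private final JsonProvider json = new JacksonJsonProvider();
            private final MappingProvider mapper = new JacksonMappingProvider();
            @Override public JsonProvider jsonProvider() { return json; }
            @Override public MappingProvider mappingProvider() { return mapper; }
            @Override public Set<Option> options() { return EnumSet.noneOf(Option.class); }
        });
    }

    // Fail fast if any code path would still go through a json-smart provider.
    static void assertNoJsonSmart(Configuration conf) {
        for (Object p : new Object[] { conf.jsonProvider(), conf.mappingProvider() }) {
            if (p.getClass().getSimpleName().startsWith("JsonSmart")) {
                throw new IllegalStateException("json-smart provider still active: " + p.getClass());
            }
        }
    }

    public static void main(String[] args) {
        installJacksonDefaults();
        Configuration conf = Configuration.defaultConfiguration();
        assertNoJsonSmart(conf);

        // Constructed sample document.
        String json = "{\"rows\":[{\"id\":1},{\"id\":2}]}";
        // The typed read exercises the mapping provider, not only the parser.
        List<Integer> ids = JsonPath.using(conf).parse(json)
                .read("$.rows[*].id", new TypeRef<List<Integer>>() {});
        System.out.println(ids);
    }
}
```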
Upgrade json-path to 2.9.0 due to CVE-2023-1370. CVE-2023-1370 is in the transitive dependency json-smart 2.4.7.
Motivation and Context
Solve CVE of severity HIGH.