update json-smart to 2.4.1 and accessors-smart to 1.3 #656
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR updates the used net.minidev:json-smart library to version 1.3 to fix a security warning. The accessors-smart lib is updated too as it belongs to json-smart and is released together
Issue discussing the update is here: netplex/json-smart-v2#62
Due to the long time since last release the gpg key has changed from the maintainer and
checksum.xml
was updated too.Motivation and Context
fix security warning with CVE-2021-27568 affecting everything up to json-smart 2.4. At least NIST/MITRE assign it a HIGH criticallity by now.
How Has This Been Tested?
run
gradlew check
and use it for some days on our own setup.Screenshots (if appropriate):
Types of changes
Checklist: