NO AUTO: Bumps json path to 2.7.0 (#2881) #2982

ncordon · 2022-06-13T15:36:36Z

Cherry-picks #2881

Why

To avoid confusions that json-path 2.4 could be importing json-smart 2.3, that included this security vulnerability and that's why we overrode json-smart to 2.4.2 more than one year ago: #1860

The dependency tree shows 2.3 is evicted by 2.4.8:

./gradlew -q full:dependencies // or ./gradlew -q core:dependencies

+--- com.jayway.jsonpath:json-path:2.4.0
|    +--- net.minidev:json-smart:2.3 -> 2.4.8
|    |    \--- net.minidev:accessors-smart:2.4.8
|    |         \--- org.ow2.asm:asm:9.1 -> 9.2
|    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.30

Bumps json path to 2.7.0 (#2881)

0398710

ncordon added cherry-picked This PR has been cherry-picked to the other active branches 5.0 team-cypher-surface Cypher Surface team should review the PR labels Jun 13, 2022

ncordon changed the title ~~Bumps json path to 2.7.0 (#2881)~~ NO AUTO: Bumps json path to 2.7.0 (#2881) Jun 13, 2022

ncordon merged commit 1795c4d into dev Jun 13, 2022

ncordon deleted the dev-bumps-json-path branch June 13, 2022 16:22

gem-neo4j pushed a commit to gem-neo4j/neo4j-apoc-procedures that referenced this pull request Jul 12, 2022

Bumps json path to 2.7.0 (neo4j-contrib#2881) (neo4j-contrib#2982)

ecd7a1a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NO AUTO: Bumps json path to 2.7.0 (#2881) #2982

NO AUTO: Bumps json path to 2.7.0 (#2881) #2982

ncordon commented Jun 13, 2022

NO AUTO: Bumps json path to 2.7.0 (#2881) #2982

NO AUTO: Bumps json path to 2.7.0 (#2881) #2982

Conversation

ncordon commented Jun 13, 2022

Why