Craig Muchinsky

The transitive dependency on jsoup has a vulnerability, but this library itself is not vulnerable

Any thoughts on this issue, should we consider `4.13.0` the final release that supports EE 8?

> This dependency is only used by our CLI, it is not an actual dependency of Liquibase. So you should be okay.. have you tried the newer versions of Liquibase?...

@kataggart looks like everything is fine if I stick to using the `liquibase-core` artifact, the update to the `jaxb-runtime` is not pulled in, thanks for the tip!

Can this be revisited now that Gradle 7.5 has been released?

Yes, using the attached snippet, it worked as expected. Per the JsonReader.nextString javadoc: `If the next token is a number, this method will return its string form`

Doing this at the provider level could work, however I believe the core issue is in the parser as that's where its forcing the long into a double via the...

Unfortunately it looks like `JsonReader::peeked` is package scoped and not protected

The use case is that the json we parse and filter needs to retain its original formatting so that when we do schema inference it doesn't change types from a...

Will give it a look, ideally I want an implementation that I can use in a streaming read and provider scenario. As the data is read and filtered with json...