
Bump jsonpath to 2.9.0 to fix the vulnerability

Open • vishnu1074 opened this issue 1 year ago • 1 comment

Describe what has changed in this PR

Currently temporal-testing is using jsonpath 2.8.0, which is causing temporal-testing to have a CVE detected in Maven.

Temporal-testing mvn: https://mvnrepository.com/artifact/io.temporal/temporal-testing/1.23.2

jsonpath mvn: https://mvnrepository.com/artifact/com.jayway.jsonpath/json-path

To fix this, I am bumping the jsonpath version to 2.9.0, which seems to be free from the CVE.

Why I made this change?

I want to use Temporal for my projects and Snyk is detecting a vulnerability for the temporal-testing jar (3p vulnerability). Hence fixing this.

vishnu1074, Jun 19 '24 08:06