Skip to content

Version withour json-smart #608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nikolakoco89 opened this issue Apr 10, 2020 · 7 comments
Open

Version withour json-smart #608

nikolakoco89 opened this issue Apr 10, 2020 · 7 comments

Comments

@nikolakoco89
Copy link

Hello,

I would like to try my luck, with a new post. Are you planning a version without json-smart? Since the library is abandoned by it's user, one of it's dependencies is really outdated and is causing conflicts in my project.
@Alanscut
Copy link
Contributor

agree, I think Jackson would be more appropriate.

@LaurentT
Copy link

Hello,
same as @nikolakoco89 , this way one could completely exclude json-smart dependency from pom.
and then we could also think making 'net.minidev.json.*;resolution:=optional' in the build gradle so we are able to choose the Jackson implementation of JsonProvider and MappingProvider?

@jobmission
Copy link

+1

@nikolakoco89
Copy link
Author

Hi everyone,
due to unresponsiveness regarding this manner, I've switched to using JSON Pointer.

Cheers

@amergey
Copy link

amergey commented Dec 14, 2020
edited
Loading

Hello,
same as @nikolakoco89 , this way one could completely exclude json-smart dependency from pom.
and then we could also think making 'net.minidev.json.*;resolution:=optional' in the build gradle so we are able to choose the Jackson implementation of JsonProvider and MappingProvider?

+1 for this solution, it would make easier to use json-path without forcing to depends of json-smart which seems dead and even worst can lead to the jvm to be killed with jdk11 (see https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/239/switch-to-other-json-library for example)

@jxv120
Copy link

jxv120 commented Mar 4, 2021

Hello guys,
Not only json-smart is abandoned but it have a critical vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-27568.

@bond- bond- mentioned this issue May 19, 2021
Closed
@uschindler
Copy link

Please help to get rid of this library. It looks like it is only hardcoded at some places (for no reason).

mkr added a commit to mkr/JsonPath that referenced this issue Apr 13, 2023
@mkr
Enable using JsonPath without json-smart dependency (json-path#608, a…
33b53c0 
…lso related to json-path#682, json-path#676, json-path#513, json-path#252)

* Replace hard-coded json-smart parser with one retrieved from context (where available) or default configuration.
* This enables a project to _exclude_ the transitive json-smart dependency when setting an alternative default configuration.
@kwvanderlinde kwvanderlinde mentioned this issue Jul 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@LaurentT @amergey @uschindler @nikolakoco89 @Alanscut @jobmission @jxv120