New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] get rid of library "json-simple" #732

Closed

rudosch opened this issue Nov 28, 2022 · 0 comments

Contributor

rudosch commented Nov 28, 2022

Reasons to get rid of library com.googlecode.json-simple :

causes a hidden dependency on the old version 4.10 of the junit library, flagged with a vulnerability
causes some deprecation warnings
concentration on the use of one single JSON library

These are the changes needed :

remove dependency from com.googlecode.json-simple in pom.xml
add explicit test context dependency to newest version 4.13.2 of junit in pom.xml
modify 7 Java files (import org.json instead of org.json.simple, adapt code)
BTW update dependency for org.json to version 20220924 in pom.xml
BTW correction of some erroneous Javadoc comments in Getter.java

PR will follow ...

The text was updated successfully, but these errors were encountered:

rudosch added a commit to rudosch/SecurityShepherd that referenced this issue


          get rid of library json-simple (OWASP#732)

74561ab

rudosch mentioned this issue

get rid of library json-simple (#732) #733

Merged

ismisepaul closed this as completed in

6aae0a5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment