Merge pull request #178 from bci-oss/fix-cve-json-smart

Fix: fixed CVE-2024-57699
eclipse-tractusx · Feb 11, 2025 · 4233b34 · 4233b34
2 parents d65b9d3 + 26ae4df
commit 4233b34
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.6.1
+### Added
+### fixed
+- fixed cve net.minidev:json-smart CVE-2024-57699
+
 ## 0.6.0
 ### Added
 ### fixed

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -38,8 +38,6 @@ maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL
 maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.15.10, Apache-2.0, approved, #16009
 maven/mavencentral/net.bytebuddy/byte-buddy/1.15.10, Apache-2.0 AND BSD-3-Clause, approved, #16008
-maven/mavencentral/net.minidev/accessors-smart/2.5.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/net.minidev/json-smart/2.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.antlr/antlr4-runtime/4.13.0, BSD-3-Clause, approved, #10767
 maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, #17660
 maven/mavencentral/org.apache.commons/commons-lang3/3.17.0, Apache-2.0, approved, #16044
@@ -67,7 +65,6 @@ maven/mavencentral/org.mockito/mockito-core/5.14.2, MIT AND (Apache-2.0 AND MIT)
 maven/mavencentral/org.mockito/mockito-junit-jupiter/5.14.2, MIT, approved, #16376
 maven/mavencentral/org.openapitools/jackson-databind-nullable/0.2.5, Apache-2.0, approved, #3294
 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
-maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
 maven/mavencentral/org.postgresql/postgresql/42.7.2, BSD-2-Clause AND Apache-2.0, approved, #11681
 maven/mavencentral/org.projectlombok/lombok/1.18.34, MIT, approved, #15192
 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332

diff --git a/pom.xml b/pom.xml
@@ -119,6 +119,12 @@
             </exclusion>
          </exclusions>
       </dependency>
+      <dependency>
+         <groupId>net.minidev</groupId>
+         <artifactId>json-smart</artifactId>
+         <version>2.4.11</version>
+         <scope>test</scope>
+      </dependency>
       <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-data-jpa</artifactId>