Bump json-path to 2.9.0 to address CVE-2023-51074 (#1740)

* Bump json-path to 2.9.0 to address CVE-2023-51074 * suppress CVE-2023-51074
zalando · Jan 22, 2024 · 80ce728 · 80ce728
1 parent 180a1cc
commit 80ce728
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/cve-suppressions.xml b/cve-suppressions.xml
@@ -18,5 +18,8 @@
 
         <!-- vulnerability is in reserved state. No mitigation has been released yet -->
         <cve>CVE-2023-4586</cve>
+
+        <!-- fixed with json-path 2.9.0 but is still reported. Suppressing as false positive -->
+        <cve>CVE-2023-51074</cve>
     </suppress>
 </suppressions>
diff --git a/logbook-parent/pom.xml b/logbook-parent/pom.xml
@@ -29,7 +29,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
         <jackson.version>2.16.0</jackson.version>
-        <json-path.version>2.8.0</json-path.version>
+        <json-path.version>2.9.0</json-path.version>
         <kotlin.version>1.9.21</kotlin.version>
         <ktor.version>2.3.7</ktor.version>
         <netty.version>4.1.101.Final</netty.version>