
Conversation

Member

@martin-gaievski martin-gaievski commented Mar 11, 2025

Description

json-path 2.9.0 has been flagged in CVE-2024-57699. They do not have a fix yet, and their devs suggest switching to json-smart: json-path/JsonPath#1031.

We need to have this library for ml-commons, so we follow their strategy: keep json-path, but exclude the json-smart part of it, and include json-smart of the proper version separately.

Picking up the version of json-smart from the OS core; they added it in the recent PR opensearch-project/OpenSearch#17569.

Related Issues

#1222

Check List

  • [ ] New functionality includes testing.
  • [ ] New functionality has been documented.
  • [ ] API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • [ ] Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
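The exclude-and-pin strategy the description outlines, written out as an added Gradle (Groovy DSL) snippet. This is not the PR's own diff (the build-file change itself is not shown on this page); the coordinates for json-path and json-smart are the published Maven ones, while the json-smart version and the `implementation` configuration name are placeholders/assumptions to be replaced with whatever OpenSearch core pins and whatever configuration the plugin actually uses:

```groovy
// Added illustration, not code from this PR.
// Placeholder: replace with the json-smart version pinned by OpenSearch core
// (the PR says it picks the version from opensearch-project/OpenSearch#17569).
def jsonSmartVersion = 'X.Y.Z'

dependencies {
    // Keep json-path 2.9.0 itself (its API is what ml-commons needs) ...
    implementation('com.jayway.jsonpath:json-path:2.9.0') {
        // ... but drop the json-smart it pulls in transitively, so the flagged
        // version never reaches the runtime classpath.
        exclude group: 'net.minidev', module: 'json-smart'
    }

    // Declare json-smart explicitly, on the same version core uses, so the plugin
    // and OpenSearch core resolve to a single copy instead of two competing ones.
    implementation "net.minidev:json-smart:${jsonSmartVersion}"
}
```

After such a change, the thing worth checking is that the old transitive really is gone rather than merely shadowed: `./gradlew dependencyInsight --dependency json-smart --configuration runtimeClasspath` prints every path by which json-smart is resolved and which version wins, so a leftover reference to the flagged version shows up there before a scanner reports it again.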

@martin-gaievski martin-gaievski added skip-changelog Maintenance Add support for new versions of OpenSearch/Dashboards from upstream v3.0.0 v3.0.0 labels Mar 11, 2025
@martin-gaievski martin-gaievski force-pushed the fixed_cve_for_jayway_json_lib branch from c14ee89 to 55d2acc Compare March 11, 2025 16:44
@martin-gaievski martin-gaievski force-pushed the fixed_cve_for_jayway_json_lib branch from 55d2acc to cb6f59a Compare March 11, 2025 16:49

codecov bot commented Mar 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.79%. Comparing base (5f25d6c) to head (0a20b75).
Report is 84 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1223      +/-   ##
============================================
- Coverage     81.80%   81.79%   -0.02%     
+ Complexity     2606     1303    -1303     
============================================
  Files           190       95      -95     
  Lines          8922     4461    -4461     
  Branches       1520      760     -760     
============================================
- Hits           7299     3649    -3650     
+ Misses         1032      517     -515     
+ Partials        591      295     -296     


@martin-gaievski martin-gaievski marked this pull request as ready for review March 11, 2025 17:27
@martin-gaievski martin-gaievski changed the title Switch from json-path 2.9.0 to latest json-smart Use latest json-smart lib Mar 11, 2025
@martin-gaievski martin-gaievski merged commit 57124dd into opensearch-project:main Mar 11, 2025
74 checks passed
@martin-gaievski martin-gaievski deleted the fixed_cve_for_jayway_json_lib branch March 11, 2025 23:51
ryanbogan pushed a commit to ryanbogan/neural-search that referenced this pull request Apr 10, 2025
* Switch from json-path 2.9.0 to latest json-smart

Signed-off-by: Martin Gaievski <[email protected]>
@heemin32 heemin32 added backport 2.x Label will add auto workflow to backport PR to 2.x branch backport 2.19 labels Jul 18, 2025
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 18, 2025
* Switch from json-path 2.9.0 to latest json-smart

Signed-off-by: Martin Gaievski <[email protected]>
(cherry picked from commit 57124dd)
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 18, 2025
* Switch from json-path 2.9.0 to latest json-smart

Signed-off-by: Martin Gaievski <[email protected]>
(cherry picked from commit 57124dd)
heemin32 pushed a commit that referenced this pull request Jul 18, 2025
* Switch from json-path 2.9.0 to latest json-smart


(cherry picked from commit 57124dd)

Signed-off-by: Martin Gaievski <[email protected]>
Co-authored-by: Martin Gaievski <[email protected]>
heemin32 pushed a commit that referenced this pull request Jul 18, 2025
* Switch from json-path 2.9.0 to latest json-smart


(cherry picked from commit 57124dd)

Signed-off-by: Martin Gaievski <[email protected]>
Co-authored-by: Martin Gaievski <[email protected]>