This is an automated email from the ASF dual-hosted git repository.
snuyanzin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new cbe265601e5 [FLINK-36830][table] Bump json-path to 2.9.0
cbe265601e5 is described below
commit cbe265601e56b20b12deeb111727975339f06617
Author: Thomas Cooper <[email protected]>
AuthorDate: Fri Dec 6 22:06:16 2024 +0000
[FLINK-36830][table] Bump json-path to 2.9.0
Signed-off-by: Thomas Cooper <[email protected]>
---
flink-table/flink-table-calcite-bridge/pom.xml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/flink-table/flink-table-calcite-bridge/pom.xml
b/flink-table/flink-table-calcite-bridge/pom.xml
index 9b081d688ed..ae616186da0 100644
--- a/flink-table/flink-table-calcite-bridge/pom.xml
+++ b/flink-table/flink-table-calcite-bridge/pom.xml
@@ -152,9 +152,29 @@ under the License.
<groupId>org.locationtech.proj4j</groupId>
<artifactId>proj4j</artifactId>
</exclusion>
+ <!--
+ Exclude json-path as we are manually overriding
it to a newer version (FLINK-36830).
+ This can be removed once calcite is upgraded to
1.38 or greater, more details
+ in JIRA issue FLINK-36602.
+ -->
+ <exclusion>
+ <groupId>com.jayway.jsonpath</groupId>
+ <artifactId>json-path</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!--
+ Override the json-path version used by Calcite to deal with
CVE-2023-1370 (FLINK-36830).
+ This can be removed once calcite is upgraded to 1.38 or
greater, more details
+ in JIRA issue FLINK-36602.
+ -->
+ <dependency>
+ <groupId>com.jayway.jsonpath</groupId>
+ <artifactId>json-path</artifactId>
+ <version>2.9.0</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-annotations</artifactId>
