From 1861bbd10fddf40520aa99e37f375ce6bea3e1b9 Mon Sep 17 00:00:00 2001 From: Benoit Orihuela Date: Tue, 10 Jan 2023 11:51:32 +0100 Subject: [PATCH] chore: use our own build of json-merge lib - currently includes an outdated and insecure version of org.json:json lib - did a PR in 08/2022 but got no response so far (https://github.com/savvasdalkitsis/json-merge/pull/2) - so forked and published the lib on Jitpack (https://jitpack.io/#stellio-hub/json-merge) --- build.gradle.kts | 1 + search-service/build.gradle.kts | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index d789ac2a9..823f0afa6 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -34,6 +34,7 @@ plugins { subprojects { repositories { mavenCentral() + maven { url = uri("https://jitpack.io") } } apply(plugin = "io.spring.dependency-management") diff --git a/search-service/build.gradle.kts b/search-service/build.gradle.kts index e38e1cb86..9925a43c7 100644 --- a/search-service/build.gradle.kts +++ b/search-service/build.gradle.kts @@ -19,7 +19,8 @@ dependencies { implementation("org.flywaydb:flyway-core") // implementation (and not runtime) because we are using the native jsonb encoding provided by PG implementation("org.postgresql:r2dbc-postgresql") - implementation("com.savvasdalkitsis:json-merge:0.0.6") + implementation("com.github.stellio-hub:json-merge:0.1.0") + implementation("org.json:json:20220924") implementation(project(":shared")) detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.22.0")