File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -32,6 +32,11 @@ dependencies {
3232 // :sql does not expose calcite as a dependency (maybe it should?); in the meantime, we want to make sure we can
3333 // provide reasonable error messages to the client
3434 implementation libs. calcite. core
35+ constraints {
36+ implementation(libs. json. smart) {
37+ because ' CVE-2024-57699'
38+ }
39+ }
3540
3641 implementation libs. dagger
3742 implementation libs. arrow. flight. sql
Original file line number Diff line number Diff line change @@ -8,7 +8,11 @@ awssdk = "2.29.52"
88aws-s3-tables-catalog-for-iceberg = " 0.1.6"
99# See dependency matrix for particular gRPC versions at https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty
1010boringssl = " 2.0.61.Final"
11+
12+ # Note: when bumping Calcite version, see if we still need the version constraint for json-smart
1113calcite = " 1.39.0"
14+ json-smart = " 2.5.2"
15+
1216classgraph = " 4.8.180"
1317commons-compress = " 1.28.0"
1418commons-io = " 2.20.0"
@@ -131,6 +135,7 @@ s3-tables-catalog-for-iceberg = { module = "software.amazon.s3tables:s3-tables-c
131135boringssl = { module = " io.netty:netty-tcnative-boringssl-static" , version.ref = " boringssl" }
132136
133137calcite-core = { module = " org.apache.calcite:calcite-core" , version.ref = " calcite" }
138+ json-smart = { module = " net.minidev:json-smart" , version.ref = " json-smart" }
134139
135140classgraph = { module = " io.github.classgraph:classgraph" , version.ref = " classgraph" }
136141
Original file line number Diff line number Diff line change @@ -9,6 +9,11 @@ description = 'The Deephaven SQL parser'
99dependencies {
1010 api project(' :qst' )
1111 implementation libs. calcite. core
12+ constraints {
13+ implementation(libs. json. smart) {
14+ because ' CVE-2024-57699'
15+ }
16+ }
1217
1318 compileOnly project(' :util-immutables' )
1419 annotationProcessor libs. immutables. value
You can’t perform that action at this time.
0 commit comments